{"id": "USN-1910-1", "bulletinFamily": "unix", "title": "Bind vulnerability", "description": "Maxim Shudrak discovered that Bind incorrectly handled certain malformed rdata. A remote attacker could use this flaw with a specially crafted query to cause Bind to stop responding, resulting in a denial of service.", "published": "2013-07-29T00:00:00", "modified": "2013-07-29T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/1910-1/", "reporter": "Ubuntu", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2013-4854"], "cvelist": ["CVE-2013-4854"], "type": "ubuntu", "lastseen": "2018-08-31T00:09:45", "history": [{"bulletin": {"affectedPackage": [{"OS": "Ubuntu", "OSVersion": "10.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libdns64", "packageVersion": "1:9.7.0.dfsg.P1-1ubuntu0.10"}, {"OS": "Ubuntu", "OSVersion": "13.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "bind9", "packageVersion": "1:9.9.2.dfsg.P1-2ubuntu2.1"}, {"OS": "Ubuntu", "OSVersion": "12.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "bind9", "packageVersion": "1:9.8.1.dfsg.P1-4.2ubuntu3.3"}, {"OS": "Ubuntu", "OSVersion": "13.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libdns95", "packageVersion": "1:9.9.2.dfsg.P1-2ubuntu2.1"}, {"OS": "Ubuntu", "OSVersion": "12.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libdns81", "packageVersion": "1:9.8.1.dfsg.P1-4ubuntu0.7"}, {"OS": "Ubuntu", "OSVersion": "12.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libdns81", "packageVersion": "1:9.8.1.dfsg.P1-4.2ubuntu3.3"}, {"OS": "Ubuntu", "OSVersion": "10.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "bind9", "packageVersion": "1:9.7.0.dfsg.P1-1ubuntu0.10"}, {"OS": "Ubuntu", "OSVersion": "12.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "bind9", "packageVersion": "1:9.8.1.dfsg.P1-4ubuntu0.7"}], "bulletinFamily": "unix", "cvelist": ["CVE-2013-4854"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Maxim Shudrak discovered that Bind incorrectly handled certain malformed rdata. A remote attacker could use this flaw with a specially crafted query to cause Bind to stop responding, resulting in a denial of service.", "edition": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "cfc9dea323ab951a09a8589b047e2a0b21a6cb9da0a466e36e7f0a54cac110a3", "hashmap": [{"hash": "f95a8b2c09fe6c552e5fafe787c5d281", "key": "cvelist"}, {"hash": "3edf226566cb69ee167d456e43b0d2bf", "key": "modified"}, {"hash": "6900de332e5d5804cc1afcf3cb1f2586", "key": "description"}, {"hash": "5f843811491a6e647e13805d9f986f13", "key": "title"}, {"hash": "1d41c853af58d3a7ae54990ce29417d8", "key": "type"}, {"hash": "3e6cb8c0479f90b6a385b0867fe2941c", "key": "href"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "529c1300306bdbbf3c86abcfb938ad73", "key": "affectedPackage"}, {"hash": "3d945423f8e9496c429a5d8c65b4604f", "key": "reporter"}, {"hash": "090e0532748fe7538b0671461babed77", "key": "references"}, {"hash": "3edf226566cb69ee167d456e43b0d2bf", "key": "published"}], "history": [], "href": "https://usn.ubuntu.com/1910-1/", "id": "USN-1910-1", "lastseen": "2018-08-30T20:08:36", "modified": "2013-07-29T00:00:00", "objectVersion": "1.3", "published": "2013-07-29T00:00:00", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2013-4854"], "reporter": "Ubuntu", "title": "Bind vulnerability", "type": "ubuntu", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-08-30T20:08:36"}, {"bulletin": {"affectedPackage": [{"OS": "Ubuntu", "OSVersion": "10.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libdns64", "packageVersion": "1:9.7.0.dfsg.P1-1ubuntu0.10"}, {"OS": "Ubuntu", "OSVersion": "13.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "bind9", "packageVersion": "1:9.9.2.dfsg.P1-2ubuntu2.1"}, {"OS": "Ubuntu", "OSVersion": "12.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "bind9", "packageVersion": "1:9.8.1.dfsg.P1-4.2ubuntu3.3"}, {"OS": "Ubuntu", "OSVersion": "13.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libdns95", "packageVersion": "1:9.9.2.dfsg.P1-2ubuntu2.1"}, {"OS": "Ubuntu", "OSVersion": "12.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libdns81", "packageVersion": "1:9.8.1.dfsg.P1-4ubuntu0.7"}, {"OS": "Ubuntu", "OSVersion": "12.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libdns81", "packageVersion": "1:9.8.1.dfsg.P1-4.2ubuntu3.3"}, {"OS": "Ubuntu", "OSVersion": "10.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "bind9", "packageVersion": "1:9.7.0.dfsg.P1-1ubuntu0.10"}, {"OS": "Ubuntu", "OSVersion": "12.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "bind9", "packageVersion": "1:9.8.1.dfsg.P1-4ubuntu0.7"}], "bulletinFamily": "unix", "cvelist": ["CVE-2013-4854"], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "description": "Maxim Shudrak discovered that Bind incorrectly handled certain malformed rdata. A remote attacker could use this flaw with a specially crafted query to cause Bind to stop responding, resulting in a denial of service.", "edition": 1, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "f2f7961059517dab53dfbb997d46d300d6a69ce13978844ffc0a222eb56f378f", "hashmap": [{"hash": "f95a8b2c09fe6c552e5fafe787c5d281", "key": "cvelist"}, {"hash": "ed3111898fb94205e2b64cefef5a2081", "key": "cvss"}, {"hash": "3edf226566cb69ee167d456e43b0d2bf", "key": "modified"}, {"hash": "6900de332e5d5804cc1afcf3cb1f2586", "key": "description"}, {"hash": "5f843811491a6e647e13805d9f986f13", "key": "title"}, {"hash": "1d41c853af58d3a7ae54990ce29417d8", "key": "type"}, {"hash": "3e6cb8c0479f90b6a385b0867fe2941c", "key": "href"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "529c1300306bdbbf3c86abcfb938ad73", "key": "affectedPackage"}, {"hash": "3d945423f8e9496c429a5d8c65b4604f", "key": "reporter"}, {"hash": "090e0532748fe7538b0671461babed77", "key": "references"}, {"hash": "3edf226566cb69ee167d456e43b0d2bf", "key": "published"}], "history": [], "href": "https://usn.ubuntu.com/1910-1/", "id": "USN-1910-1", "lastseen": "2018-03-29T18:18:20", "modified": "2013-07-29T00:00:00", "objectVersion": "1.3", "published": "2013-07-29T00:00:00", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2013-4854"], "reporter": "Ubuntu", "title": "Bind vulnerability", "type": "ubuntu", "viewCount": 0}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2018-03-29T18:18:20"}], "edition": 3, "hashmap": [{"key": "affectedPackage", "hash": "529c1300306bdbbf3c86abcfb938ad73"}, {"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "cvelist", "hash": "f95a8b2c09fe6c552e5fafe787c5d281"}, {"key": "cvss", "hash": "ed3111898fb94205e2b64cefef5a2081"}, {"key": "description", "hash": "6900de332e5d5804cc1afcf3cb1f2586"}, {"key": "href", "hash": "3e6cb8c0479f90b6a385b0867fe2941c"}, {"key": "modified", "hash": "3edf226566cb69ee167d456e43b0d2bf"}, {"key": "published", "hash": "3edf226566cb69ee167d456e43b0d2bf"}, {"key": "references", "hash": "090e0532748fe7538b0671461babed77"}, {"key": "reporter", "hash": "3d945423f8e9496c429a5d8c65b4604f"}, {"key": "title", "hash": "5f843811491a6e647e13805d9f986f13"}, {"key": "type", "hash": "1d41c853af58d3a7ae54990ce29417d8"}], "hash": "f2f7961059517dab53dfbb997d46d300d6a69ce13978844ffc0a222eb56f378f", "viewCount": 4, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "10.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libdns64", "packageVersion": "1:9.7.0.dfsg.P1-1ubuntu0.10"}, {"OS": "Ubuntu", "OSVersion": "13.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "bind9", "packageVersion": "1:9.9.2.dfsg.P1-2ubuntu2.1"}, {"OS": "Ubuntu", "OSVersion": "12.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "bind9", "packageVersion": "1:9.8.1.dfsg.P1-4.2ubuntu3.3"}, {"OS": "Ubuntu", "OSVersion": "13.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libdns95", "packageVersion": "1:9.9.2.dfsg.P1-2ubuntu2.1"}, {"OS": "Ubuntu", "OSVersion": "12.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libdns81", "packageVersion": "1:9.8.1.dfsg.P1-4ubuntu0.7"}, {"OS": "Ubuntu", "OSVersion": "12.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libdns81", "packageVersion": "1:9.8.1.dfsg.P1-4.2ubuntu3.3"}, {"OS": "Ubuntu", "OSVersion": "10.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "bind9", "packageVersion": "1:9.7.0.dfsg.P1-1ubuntu0.10"}, {"OS": "Ubuntu", "OSVersion": "12.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "bind9", "packageVersion": "1:9.8.1.dfsg.P1-4ubuntu0.7"}]}

{"cve": [{"lastseen": "2018-11-01T05:14:11", "references": ["http://www.zerodayinitiative.com/advisories/ZDI-13-210/", "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113251.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/86004", "http://www.mandriva.com/security/advisories?name=MDVSA-2013:202", "https://support.apple.com/kb/HT6536", "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html", "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396", "https://kb.isc.org/article/AA-01016", "https://kb.isc.org/article/AA-01015", "http://www.securityfocus.com/bid/61479", "http://www.ubuntu.com/usn/USN-1910-1", "http://www.freebsd.org/security/advisories/FreeBSD-SA-13:07.bind.asc", "http://rhn.redhat.com/errata/RHSA-2013-1115.html", "http://www.debian.org/security/2013/dsa-2728", "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00018.html", "http://archives.neohapsis.com/archives/bugtraq/2013-08/0030.html", "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00004.html", "http://linux.oracle.com/errata/ELSA-2014-1244", "http://rhn.redhat.com/errata/RHSA-2013-1114.html", "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113108.html", "http://www.securitytracker.com/id/1028838", "https://kc.mcafee.com/corporate/index?page=content&id=SB10052"], "description": "The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.", "edition": 6, "reporter": "NVD", "published": "2013-07-29T09:59:37", "title": "CVE-2013-4854", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:19561", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19561"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-4854"], "scanner": [], "modified": "2018-10-30T12:27:33", "cpe": ["cpe:/a:isc:bind:9.7.2:p3", "cpe:/a:isc:bind:9.9.3:rc1", "cpe:/a:isc:bind:9.9.2", "cpe:/a:isc:bind:9.7.2:p2", "cpe:/a:isc:bind:9.8.5:p1", "cpe:/a:isc:bind:9.7.1", "cpe:/a:isc:bind:9.8.0:a1", "cpe:/a:isc:bind:9.9.3:b2", "cpe:/a:isc:bind:9.8.3", "cpe:/o:fedoraproject:fedora:18", "cpe:/a:isc:bind:9.7.3", "cpe:/a:isc:bind:9.9.3", "cpe:/o:slackware:slackware_linux:13.37", "cpe:/a:isc:bind:9.8.3:p1", "cpe:/a:isc:bind:9.7.4", "cpe:/a:isc:bind:9.7.0:b1", "cpe:/a:isc:bind:9.8.0:p1", "cpe:/a:isc:bind:9.7.1:p1", "cpe:/a:isc:bind:9.7.5:rc2", "cpe:/o:freebsd:freebsd:8.2", "cpe:/o:redhat:enterprise_linux:5", "cpe:/a:isc:dnsco_bind:9.9.3:s1", "cpe:/a:isc:bind:9.8.1", "cpe:/a:isc:dnsco_bind:9.9.4:s1b1", "cpe:/a:isc:bind:9.8.0:b1", "cpe:/a:isc:bind:9.7.7", "cpe:/a:isc:bind:9.7.6", "cpe:/a:isc:bind:9.7.2:rc1", "cpe:/a:isc:bind:9.8.5:rc1", "cpe:/a:isc:bind:9.7.0:rc1", "cpe:/a:isc:bind:9.7.2", "cpe:/a:isc:bind:9.8.2:b1", "cpe:/o:fedoraproject:fedora:19", "cpe:/a:isc:bind:9.9.0:rc4", "cpe:/a:isc:bind:9.9.1", "cpe:/o:novell:suse_linux:11::server", "cpe:/a:isc:bind:9.7.3:p1", "cpe:/o:freebsd:freebsd:9.2:rc1", "cpe:/o:slackware:slackware_linux:12.2", "cpe:/a:isc:bind:9.8.1:p1", "cpe:/a:isc:bind:9.9.3:b1", "cpe:/o:freebsd:freebsd:8.3", "cpe:/a:isc:bind:9.8.0", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/a:isc:bind:9.7.5:b1", "cpe:/a:suse:suse_linux_enterprise_software_development_kit:11.0:sp3", "cpe:/a:isc:bind:9.8.0:p4", "cpe:/a:isc:bind:9.9.0:a2", "cpe:/a:isc:bind:9.7.3:rc1", "cpe:/a:isc:bind:9.9.0:a3", "cpe:/o:freebsd:freebsd:9.1:release-p4", "cpe:/a:isc:bind:9.7.0:rc2", "cpe:/o:freebsd:freebsd:9.2:prerelease", "cpe:/a:suse:suse_linux_enterprise_software_development_kit:11.0:sp2", "cpe:/a:isc:bind:9.8.0:p2", "cpe:/a:isc:bind:9.9.0", "cpe:/a:isc:bind:9.8.5:rc2", "cpe:/a:isc:bind:9.7.3:b1", "cpe:/a:isc:bind:9.7.4:b1", "cpe:/a:isc:bind:9.8.2:rc2", "cpe:/a:isc:bind:9.9.0:a1", "cpe:/a:isc:bind:9.8.1:b3", "cpe:/a:isc:bind:9.8.1:b1", "cpe:/o:freebsd:freebsd:9.1:release-p5", "cpe:/a:isc:bind:9.8.1:b2", "cpe:/a:isc:bind:9.8.3:p2", "cpe:/o:opensuse:opensuse:11.4", "cpe:/o:freebsd:freebsd:8.4", "cpe:/a:isc:bind:9.9.0:rc2", "cpe:/o:freebsd:freebsd:9.2:rc2", "cpe:/a:isc:bind:9.7.0", "cpe:/a:isc:bind:9.9.3:p1", "cpe:/o:mandriva:business_server:1.0", "cpe:/a:isc:bind:9.8.5:b1", "cpe:/a:isc:bind:9.8.0:rc1", "cpe:/a:isc:bind:9.8.5:b2", "cpe:/a:isc:bind:9.8.6:b1", "cpe:/a:isc:bind:9.8.5", "cpe:/a:isc:bind:9.7.6:p2", "cpe:/a:isc:bind:9.7.0:p2", "cpe:/a:isc:bind:9.9.0:b2", "cpe:/o:mandriva:enterprise_server:5.0", "cpe:/a:isc:bind:9.7.4:p1", "cpe:/o:freebsd:freebsd:8.0", "cpe:/a:isc:bind:9.7.1:p2", "cpe:/a:isc:bind:9.8.2:rc1", "cpe:/a:isc:bind:9.9.0:b1", "cpe:/a:isc:bind:9.9.0:rc1", "cpe:/a:isc:bind:9.7.0:p1", "cpe:/o:hp:hp-ux:b.11.31", "cpe:/o:redhat:enterprise_linux:6", "cpe:/a:isc:bind:9.9.0:rc3", "cpe:/a:isc:bind:9.7.4:rc1", "cpe:/a:isc:bind:9.9.1:p2", "cpe:/a:isc:bind:9.8.1:rc1", "cpe:/a:isc:bind:9.7.2:p1", "cpe:/a:isc:bind:9.7.5", "cpe:/a:isc:bind:9.9.3:rc2", "cpe:/o:slackware:slackware_linux:12.1", "cpe:/o:freebsd:freebsd:9.0", "cpe:/a:isc:bind:9.8.4", "cpe:/o:freebsd:freebsd:8.1", "cpe:/a:isc:bind:9.7.6:p1", "cpe:/a:isc:bind:9.7.5:rc1", "cpe:/o:slackware:slackware_linux:13.1", "cpe:/a:isc:bind:9.9.1:p1", "cpe:/a:isc:bind:9.7.1:rc1", "cpe:/o:freebsd:freebsd:9.1"], "id": "CVE-2013-4854", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4854", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "f5": [{"lastseen": "2017-06-08T00:16:34", "references": [], "edition": 1, "description": "\nF5 Product Development has assigned ID 426341 (BIG-IP) to this vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM | 11.0.0 - 11.4.0 \n| 9.0.0 - 9.6.1 \n10.0.0 - 10.2.4 \n11.1.0 HF10 \n11.2.1 HF9 \n11.3.0 HF7 \n11.4.0 HF3 \n11.4.1 - 11.5.1 \n| BIND \nBIG-IP AAM | 11.4.0 | 11.4.0 HF3 \n11.4.1 - 11.5.1 | BIND \nBIG-IP AFM | 11.3.0 - 11.4.0 \n| 11.3.0 HF7 \n11.4.0 HF3 \n11.4.1 - 11.5.1 | BIND \nBIG-IP Analytics | 11.0.0 - 11.4.0 \n| 11.1.0 HF10 \n11.2.1 HF9 \n11.3.0 HF7 \n11.4.0 HF3 \n11.4.1 - 11.5.1 | BIND \nBIG-IP APM | 11.0.0 - 11.4.0 \n| 10.1.0 - 10.2.4 \n11.1.0 HF10 \n11.2.1 HF9 \n11.3.0 HF7 \n11.4.0 HF3 \n11.4.1 - 11.5.1 \n| BIND \nBIG-IP ASM | 11.0.0 - 11.4.0 \n| 9.2.0 - 9.4.8 \n10.0.0 - 10.2.4 \n11.1.0 HF10 \n11.2.1 HF9 \n11.3.0 HF7 \n11.4.0 HF3 \n11.4.1 - 11.5.1 \n| BIND \nBIG-IP Edge Gateway \n| 11.0.0 - 11.3.0 \n| 10.1.0 - 10.2.4 \n11.1.0 HF10 \n11.2.1 HF9 \n11.3.0 HF7 \n| BIND \nBIG-IP GTM | 11.0.0 - 11.4.0 \n| 9.2.2 - 9.4.8 \n10.0.0 - 10.2.4 \n11.1.0 HF10 \n11.2.1 HF9 \n11.3.0 HF7 \n11.4.0 HF3 \n11.4.1 - 11.5.1 \n| BIND \nBIG-IP Link Controller | 11.0.0 - 11.4.0 \n| 9.2.2 - 9.4.8 \n10.0.0 - 10.2.4 \n11.1.0 HF10 \n11.2.1 HF9 \n11.3.0 HF7 \n11.4.0 HF3 \n11.4.1 - 11.5.1 \n| BIND \nBIG-IP PEM | 11.3.0 - 11.4.0 \n| 11.3.0 HF7 \n11.4.0 HF3 \n11.4.1 - 11.5.1 \n| BIND \nBIG-IP PSM | 11.0.0 - 11.4.0 \n| 9.4.5 - 9.4.8 \n10.0.0 - 10.2.4 \n11.1.0 HF10 \n11.2.1 HF9 \n11.3.0 HF7 \n11.4.0 HF3 \n| BIND \nBIG-IP WebAccelerator | 11.0.0 - 11.3.0 \n| 9.4.0 - 9.4.8 \n10.0.0 - 10.2.4 \n11.1.0 HF10 \n11.2.1 HF9 \n11.3.0 HF7 \n| BIND \nBIG-IP WOM | 11.0.0 - 11.3.0 \n| 10.0.0 - 10.2.4 \n11.1.0 HF10 \n11.2.1 HF9 \n11.3.0 HF7 \n| BIND \nARX | None | 5.0.0 - 5.3.1 \n6.0.0 - 6.4.0 \n| None \nEnterprise Manager | None | 1.6.0 - 1.8.0 \n2.0.0 - 2.3.0 \n3.0.0 - 3.1.1 \n| None \nFirePass | None | 6.0.0 - 6.1.0 \n7.0.0 \n| None\n\nNone \n\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 12.x)](<https://support.f5.com/csp/article/K13123>)\n", "reporter": "f5", "published": "2013-08-16T02:48:00", "title": "BIND vulnerability CVE-2013-4854", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2013-4854"], "modified": "2017-03-14T18:57:00", "href": "https://support.f5.com/csp/article/K14613", "id": "F5:K14613", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-03-19T09:02:05", "references": ["https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html", "https://support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html", "https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13123", "https://support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "edition": 1, "description": "Recommended action\n\nNone \n\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x)\n", "reporter": "f5", "published": "2013-08-15T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "SOL14613 - BIND vulnerability CVE-2013-4854", "type": "f5", "bulletinFamily": "software", "cvelist": ["CVE-2013-4854"], "modified": "2013-08-15T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/14000/600/sol14613.html", "id": "SOL14613", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:28:28", "references": ["http://download.novell.com/patch/finder/?keywords=b60df9afc37de4b5115de94bdcd07cce", "https://bugzilla.novell.com/831899", "http://download.novell.com/patch/finder/?keywords=6b7570508ab209647dc76ea23518d5e9"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "s390x", "packageFilename": "bind-chrootenv-9.9.3P2-0.5.1.s390x.rpm", "packageName": "bind-chrootenv", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "ppc64", "packageFilename": "bind-libs-9.9.3P2-0.5.1.ppc64.rpm", "packageName": "bind-libs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "ppc64", "packageFilename": "bind-libs-32bit-9.9.3P2-0.5.1.ppc64.rpm", "packageName": "bind-libs-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "i586", "packageFilename": "bind-chrootenv-9.9.3P2-0.5.1.i586.rpm", "packageName": "bind-chrootenv", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "i586", "packageFilename": "bind-chrootenv-9.9.3P2-0.5.1.i586.rpm", "packageName": "bind-chrootenv", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "i586", "packageFilename": "bind-utils-9.9.3P2-0.5.1.i586.rpm", "packageName": "bind-utils", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "ia64", "packageFilename": "bind-devel-9.9.3P2-0.5.1.ia64.rpm", "packageName": "bind-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "x86_64", "packageFilename": "bind-libs-9.9.3P2-0.5.1.x86_64.rpm", "packageName": "bind-libs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "x86_64", "packageFilename": "bind-chrootenv-9.9.3P2-0.5.1.x86_64.rpm", "packageName": "bind-chrootenv", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "ppc64", "packageFilename": "bind-devel-9.9.3P2-0.5.1.ppc64.rpm", "packageName": "bind-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "ppc64", "packageFilename": "bind-devel-32bit-9.9.3P2-0.5.1.ppc64.rpm", "packageName": "bind-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "i586", "packageFilename": "bind-libs-9.9.3P2-0.5.1.i586.rpm", "packageName": "bind-libs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "x86_64", "packageFilename": "bind-utils-9.9.3P2-0.5.1.x86_64.rpm", "packageName": "bind-utils", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "ia64", "packageFilename": "bind-9.9.3P2-0.5.1.ia64.rpm", "packageName": "bind", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "x86_64", "packageFilename": "bind-doc-9.9.3P2-0.5.1.x86_64.rpm", "packageName": "bind-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "x86_64", "packageFilename": "bind-9.9.3P2-0.5.1.x86_64.rpm", "packageName": "bind", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "ia64", "packageFilename": "bind-libs-x86-9.9.3P2-0.5.1.ia64.rpm", "packageName": "bind-libs-x86", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "ia64", "packageFilename": "bind-utils-9.9.3P2-0.5.1.ia64.rpm", "packageName": "bind-utils", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "s390x", "packageFilename": "bind-utils-9.9.3P2-0.5.1.s390x.rpm", "packageName": "bind-utils", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "i586", "packageFilename": "bind-doc-9.9.3P2-0.5.1.i586.rpm", "packageName": "bind-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "x86_64", "packageFilename": "bind-libs-32bit-9.9.3P2-0.5.1.x86_64.rpm", "packageName": "bind-libs-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "s390x", "packageFilename": "bind-libs-9.9.3P2-0.5.1.s390x.rpm", "packageName": "bind-libs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "ppc64", "packageFilename": "bind-doc-9.9.3P2-0.5.1.ppc64.rpm", "packageName": "bind-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "i586", "packageFilename": "bind-9.9.3P2-0.5.1.i586.rpm", "packageName": "bind", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "x86_64", "packageFilename": "bind-9.9.3P2-0.5.1.x86_64.rpm", "packageName": "bind", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "x86_64", "packageFilename": "bind-chrootenv-9.9.3P2-0.5.1.x86_64.rpm", "packageName": "bind-chrootenv", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "s390x", "packageFilename": "bind-libs-32bit-9.9.3P2-0.5.1.s390x.rpm", "packageName": "bind-libs-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "ia64", "packageFilename": "bind-doc-9.9.3P2-0.5.1.ia64.rpm", "packageName": "bind-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "x86_64", "packageFilename": "bind-devel-9.9.3P2-0.5.1.x86_64.rpm", "packageName": "bind-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "x86_64", "packageFilename": "bind-utils-9.9.3P2-0.5.1.x86_64.rpm", "packageName": "bind-utils", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "x86_64", "packageFilename": "bind-chrootenv-9.9.3P2-0.5.1.x86_64.rpm", "packageName": "bind-chrootenv", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "i586", "packageFilename": "bind-libs-9.9.3P2-0.5.1.i586.rpm", "packageName": "bind-libs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "x86_64", "packageFilename": "bind-libs-9.9.3P2-0.5.1.x86_64.rpm", "packageName": "bind-libs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "x86_64", "packageFilename": "bind-libs-9.9.3P2-0.5.1.x86_64.rpm", "packageName": "bind-libs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "i586", "packageFilename": "bind-chrootenv-9.9.3P2-0.5.1.i586.rpm", "packageName": "bind-chrootenv", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "i586", "packageFilename": "bind-chrootenv-9.9.3P2-0.5.1.i586.rpm", "packageName": "bind-chrootenv", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "x86_64", "packageFilename": "bind-libs-32bit-9.9.3P2-0.5.1.x86_64.rpm", "packageName": "bind-libs-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "s390x", "packageFilename": "bind-libs-9.9.3P2-0.5.1.s390x.rpm", "packageName": "bind-libs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "s390x", "packageFilename": "bind-devel-9.9.3P2-0.5.1.s390x.rpm", "packageName": "bind-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "x86_64", "packageFilename": "bind-utils-9.9.3P2-0.5.1.x86_64.rpm", "packageName": "bind-utils", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "ia64", "packageFilename": "bind-libs-9.9.3P2-0.5.1.ia64.rpm", "packageName": "bind-libs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "ppc64", "packageFilename": "bind-devel-9.9.3P2-0.5.1.ppc64.rpm", "packageName": "bind-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "i586", "packageFilename": "bind-devel-9.9.3P2-0.5.1.i586.rpm", "packageName": "bind-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "i586", "packageFilename": "bind-doc-9.9.3P2-0.5.1.i586.rpm", "packageName": "bind-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "i586", "packageFilename": "bind-utils-9.9.3P2-0.5.1.i586.rpm", "packageName": "bind-utils", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "ia64", "packageFilename": "bind-chrootenv-9.9.3P2-0.5.1.ia64.rpm", "packageName": "bind-chrootenv", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "x86_64", "packageFilename": "bind-devel-9.9.3P2-0.5.1.x86_64.rpm", "packageName": "bind-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "ia64", "packageFilename": "bind-libs-9.9.3P2-0.5.1.ia64.rpm", "packageName": "bind-libs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "x86_64", "packageFilename": "bind-chrootenv-9.9.3P2-0.5.1.x86_64.rpm", "packageName": "bind-chrootenv", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "x86_64", "packageFilename": "bind-utils-9.9.3P2-0.5.1.x86_64.rpm", "packageName": "bind-utils", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "ppc64", "packageFilename": "bind-devel-32bit-9.9.3P2-0.5.1.ppc64.rpm", "packageName": "bind-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "i586", "packageFilename": "bind-doc-9.9.3P2-0.5.1.i586.rpm", "packageName": "bind-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "ia64", "packageFilename": "bind-utils-9.9.3P2-0.5.1.ia64.rpm", "packageName": "bind-utils", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "i586", "packageFilename": "bind-9.9.3P2-0.5.1.i586.rpm", "packageName": "bind", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "ia64", "packageFilename": "bind-devel-9.9.3P2-0.5.1.ia64.rpm", "packageName": "bind-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "ppc64", "packageFilename": "bind-chrootenv-9.9.3P2-0.5.1.ppc64.rpm", "packageName": "bind-chrootenv", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "x86_64", "packageFilename": "bind-libs-9.9.3P2-0.5.1.x86_64.rpm", "packageName": "bind-libs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "i586", "packageFilename": "bind-utils-9.9.3P2-0.5.1.i586.rpm", "packageName": "bind-utils", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "x86_64", "packageFilename": "bind-libs-32bit-9.9.3P2-0.5.1.x86_64.rpm", "packageName": "bind-libs-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "x86_64", "packageFilename": "bind-9.9.3P2-0.5.1.x86_64.rpm", "packageName": "bind", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "ppc64", "packageFilename": "bind-9.9.3P2-0.5.1.ppc64.rpm", "packageName": "bind", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "x86_64", "packageFilename": "bind-libs-9.9.3P2-0.5.1.x86_64.rpm", "packageName": "bind-libs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "x86_64", "packageFilename": "bind-libs-32bit-9.9.3P2-0.5.1.x86_64.rpm", "packageName": "bind-libs-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "s390x", "packageFilename": "bind-9.9.3P2-0.5.1.s390x.rpm", "packageName": "bind", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "s390x", "packageFilename": "bind-doc-9.9.3P2-0.5.1.s390x.rpm", "packageName": "bind-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "x86_64", "packageFilename": "bind-libs-32bit-9.9.3P2-0.5.1.x86_64.rpm", "packageName": "bind-libs-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "x86_64", "packageFilename": "bind-9.9.3P2-0.5.1.x86_64.rpm", "packageName": "bind", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "ppc64", "packageFilename": "bind-doc-9.9.3P2-0.5.1.ppc64.rpm", "packageName": "bind-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "x86_64", "packageFilename": "bind-utils-9.9.3P2-0.5.1.x86_64.rpm", "packageName": "bind-utils", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "ppc64", "packageFilename": "bind-utils-9.9.3P2-0.5.1.ppc64.rpm", "packageName": "bind-utils", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "s390x", "packageFilename": "bind-utils-9.9.3P2-0.5.1.s390x.rpm", "packageName": "bind-utils", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "s390x", "packageFilename": "bind-devel-9.9.3P2-0.5.1.s390x.rpm", "packageName": "bind-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "i586", "packageFilename": "bind-9.9.3P2-0.5.1.i586.rpm", "packageName": "bind", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "i586", "packageFilename": "bind-libs-9.9.3P2-0.5.1.i586.rpm", "packageName": "bind-libs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "s390x", "packageFilename": "bind-chrootenv-9.9.3P2-0.5.1.s390x.rpm", "packageName": "bind-chrootenv", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "x86_64", "packageFilename": "bind-doc-9.9.3P2-0.5.1.x86_64.rpm", "packageName": "bind-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "x86_64", "packageFilename": "bind-doc-9.9.3P2-0.5.1.x86_64.rpm", "packageName": "bind-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "s390x", "packageFilename": "bind-9.9.3P2-0.5.1.s390x.rpm", "packageName": "bind", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "i586", "packageFilename": "bind-utils-9.9.3P2-0.5.1.i586.rpm", "packageName": "bind-utils", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "i586", "packageFilename": "bind-utils-9.9.3P2-0.5.1.i586.rpm", "packageName": "bind-utils", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "ia64", "packageFilename": "bind-9.9.3P2-0.5.1.ia64.rpm", "packageName": "bind", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "i586", "packageFilename": "bind-libs-9.9.3P2-0.5.1.i586.rpm", "packageName": "bind-libs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "x86_64", "packageFilename": "bind-doc-9.9.3P2-0.5.1.x86_64.rpm", "packageName": "bind-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "i586", "packageFilename": "bind-utils-9.9.3P2-0.5.1.i586.rpm", "packageName": "bind-utils", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "x86_64", "packageFilename": "bind-libs-9.9.3P2-0.5.1.x86_64.rpm", "packageName": "bind-libs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "s390x", "packageFilename": "bind-doc-9.9.3P2-0.5.1.s390x.rpm", "packageName": "bind-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "ppc64", "packageFilename": "bind-9.9.3P2-0.5.1.ppc64.rpm", "packageName": "bind", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "i586", "packageFilename": "bind-libs-9.9.3P2-0.5.1.i586.rpm", "packageName": "bind-libs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "ia64", "packageFilename": "bind-libs-x86-9.9.3P2-0.5.1.ia64.rpm", "packageName": "bind-libs-x86", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "x86_64", "packageFilename": "bind-libs-32bit-9.9.3P2-0.5.1.x86_64.rpm", "packageName": "bind-libs-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "ppc64", "packageFilename": "bind-utils-9.9.3P2-0.5.1.ppc64.rpm", "packageName": "bind-utils", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "ppc64", "packageFilename": "bind-libs-32bit-9.9.3P2-0.5.1.ppc64.rpm", "packageName": "bind-libs-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "ia64", "packageFilename": "bind-chrootenv-9.9.3P2-0.5.1.ia64.rpm", "packageName": "bind-chrootenv", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "i586", "packageFilename": "bind-doc-9.9.3P2-0.5.1.i586.rpm", "packageName": "bind-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "i586", "packageFilename": "bind-libs-9.9.3P2-0.5.1.i586.rpm", "packageName": "bind-libs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "ppc64", "packageFilename": "bind-chrootenv-9.9.3P2-0.5.1.ppc64.rpm", "packageName": "bind-chrootenv", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "ppc64", "packageFilename": "bind-libs-9.9.3P2-0.5.1.ppc64.rpm", "packageName": "bind-libs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "s390x", "packageFilename": "bind-libs-32bit-9.9.3P2-0.5.1.s390x.rpm", "packageName": "bind-libs-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "i586", "packageFilename": "bind-devel-9.9.3P2-0.5.1.i586.rpm", "packageName": "bind-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "x86_64", "packageFilename": "bind-utils-9.9.3P2-0.5.1.x86_64.rpm", "packageName": "bind-utils", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "9.9.3P2-0.5.1", "arch": "i586", "packageFilename": "bind-9.9.3P2-0.5.1.i586.rpm", "packageName": "bind", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "9.9.3P2-0.5.1", "arch": "ia64", "packageFilename": "bind-doc-9.9.3P2-0.5.1.ia64.rpm", "packageName": "bind-doc", "operator": "lt"}], "description": "A specially crafted query with malicious rdata could have\n caused a crash (DoS) in named.\n", "edition": 1, "reporter": "Suse", "published": "2013-08-07T21:04:12", "title": "Security update for bind (important)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4854"], "modified": "2013-08-07T21:04:12", "id": "SUSE-SU-2013:1310-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00004.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:57:33", "references": ["https://bugzilla.novell.com/831899"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "9.9.3P2-2.7.1", "arch": "i586", "packageFilename": "bind-9.9.3P2-2.7.1.i586.rpm", "packageName": "bind", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "9.9.3P2-2.7.1", "arch": "x86_64", "packageFilename": "bind-9.9.3P2-2.7.1.x86_64.rpm", "packageName": "bind", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "9.9.3P2-2.7.1", "arch": "i586", "packageFilename": "bind-devel-9.9.3P2-2.7.1.i586.rpm", "packageName": "bind-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "9.9.3P2-2.7.1", "arch": "i586", "packageFilename": "bind-lwresd-9.9.3P2-2.7.1.i586.rpm", "packageName": "bind-lwresd", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "9.9.3P2-2.7.1", "arch": "x86_64", "packageFilename": "bind-lwresd-debuginfo-9.9.3P2-2.7.1.x86_64.rpm", "packageName": "bind-lwresd-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "9.9.3P2-2.7.1", "arch": "i586", "packageFilename": "bind-libs-debuginfo-9.9.3P2-2.7.1.i586.rpm", "packageName": "bind-libs-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "9.9.3P2-2.7.1", "arch": "x86_64", "packageFilename": "bind-utils-debuginfo-9.9.3P2-2.7.1.x86_64.rpm", "packageName": "bind-utils-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "9.9.3P2-2.7.1", "arch": "x86_64", "packageFilename": "bind-chrootenv-9.9.3P2-2.7.1.x86_64.rpm", "packageName": "bind-chrootenv", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "9.9.3P2-2.7.1", "arch": "i586", "packageFilename": "bind-debugsource-9.9.3P2-2.7.1.i586.rpm", "packageName": "bind-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "9.9.3P2-2.7.1", "arch": "i586", "packageFilename": "bind-libs-9.9.3P2-2.7.1.i586.rpm", "packageName": "bind-libs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "9.9.2P2-1.19.1", "arch": "i586", "packageFilename": "bind-debuginfo-9.9.2P2-1.19.1.i586.rpm", "packageName": "bind-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "9.9.2P2-1.19.1", "arch": "x86_64", "packageFilename": "bind-utils-debuginfo-9.9.2P2-1.19.1.x86_64.rpm", "packageName": "bind-utils-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "9.9.3P2-2.7.1", "arch": "i586", "packageFilename": "bind-utils-debuginfo-9.9.3P2-2.7.1.i586.rpm", "packageName": "bind-utils-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "9.9.2P2-1.19.1", "arch": "i586", "packageFilename": "bind-chrootenv-9.9.2P2-1.19.1.i586.rpm", "packageName": "bind-chrootenv", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "9.9.3P2-2.7.1", "arch": "i586", "packageFilename": "bind-lwresd-debuginfo-9.9.3P2-2.7.1.i586.rpm", "packageName": "bind-lwresd-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "9.9.3P2-2.7.1", "arch": "x86_64", "packageFilename": "bind-devel-9.9.3P2-2.7.1.x86_64.rpm", "packageName": "bind-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "9.9.2P2-1.19.1", "arch": "i586", "packageFilename": "bind-devel-9.9.2P2-1.19.1.i586.rpm", "packageName": "bind-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "9.9.2P2-1.19.1", "arch": "i586", "packageFilename": "bind-utils-debuginfo-9.9.2P2-1.19.1.i586.rpm", "packageName": "bind-utils-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "9.9.2P2-1.19.1", "arch": "x86_64", "packageFilename": "bind-9.9.2P2-1.19.1.x86_64.rpm", "packageName": "bind", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "9.9.3P2-2.7.1", "arch": "noarch", "packageFilename": "bind-doc-9.9.3P2-2.7.1.noarch.rpm", "packageName": "bind-doc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "9.9.2P2-1.19.1", "arch": "i586", "packageFilename": "bind-debugsource-9.9.2P2-1.19.1.i586.rpm", "packageName": "bind-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "9.9.2P2-1.19.1", "arch": "x86_64", "packageFilename": "bind-debuginfo-9.9.2P2-1.19.1.x86_64.rpm", "packageName": "bind-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "9.9.3P2-2.7.1", "arch": "x86_64", "packageFilename": "bind-libs-9.9.3P2-2.7.1.x86_64.rpm", "packageName": "bind-libs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "9.9.2P2-1.19.1", "arch": "x86_64", "packageFilename": "bind-libs-32bit-9.9.2P2-1.19.1.x86_64.rpm", "packageName": "bind-libs-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "9.9.3P2-2.7.1", "arch": "x86_64", "packageFilename": "bind-debuginfo-9.9.3P2-2.7.1.x86_64.rpm", "packageName": "bind-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "9.9.2P2-1.19.1", "arch": "x86_64", "packageFilename": "bind-lwresd-debuginfo-9.9.2P2-1.19.1.x86_64.rpm", "packageName": "bind-lwresd-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "9.9.2P2-1.19.1", "arch": "x86_64", "packageFilename": "bind-libs-debuginfo-32bit-9.9.2P2-1.19.1.x86_64.rpm", "packageName": "bind-libs-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "9.9.2P2-1.19.1", "arch": "i586", "packageFilename": "bind-9.9.2P2-1.19.1.i586.rpm", "packageName": "bind", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "9.9.3P2-2.7.1", "arch": "x86_64", "packageFilename": "bind-utils-9.9.3P2-2.7.1.x86_64.rpm", "packageName": "bind-utils", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "9.9.2P2-1.19.1", "arch": "x86_64", "packageFilename": "bind-libs-debuginfo-9.9.2P2-1.19.1.x86_64.rpm", "packageName": "bind-libs-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "9.9.3P2-2.7.1", "arch": "x86_64", "packageFilename": "bind-libs-32bit-9.9.3P2-2.7.1.x86_64.rpm", "packageName": "bind-libs-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "9.9.2P2-1.19.1", "arch": "i586", "packageFilename": "bind-lwresd-9.9.2P2-1.19.1.i586.rpm", "packageName": "bind-lwresd", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "9.9.2P2-1.19.1", "arch": "x86_64", "packageFilename": "bind-libs-9.9.2P2-1.19.1.x86_64.rpm", "packageName": "bind-libs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "9.9.3P2-2.7.1", "arch": "x86_64", "packageFilename": "bind-debugsource-9.9.3P2-2.7.1.x86_64.rpm", "packageName": "bind-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "9.9.2P2-1.19.1", "arch": "i586", "packageFilename": "bind-utils-9.9.2P2-1.19.1.i586.rpm", "packageName": "bind-utils", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "9.9.3P2-2.7.1", "arch": "i586", "packageFilename": "bind-debuginfo-9.9.3P2-2.7.1.i586.rpm", "packageName": "bind-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "9.9.2P2-1.19.1", "arch": "x86_64", "packageFilename": "bind-utils-9.9.2P2-1.19.1.x86_64.rpm", "packageName": "bind-utils", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "9.9.3P2-2.7.1", "arch": "i586", "packageFilename": "bind-utils-9.9.3P2-2.7.1.i586.rpm", "packageName": "bind-utils", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "9.9.3P2-2.7.1", "arch": "x86_64", "packageFilename": "bind-libs-debuginfo-9.9.3P2-2.7.1.x86_64.rpm", "packageName": "bind-libs-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "9.9.3P2-2.7.1", "arch": "x86_64", "packageFilename": "bind-lwresd-9.9.3P2-2.7.1.x86_64.rpm", "packageName": "bind-lwresd", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "9.9.2P2-1.19.1", "arch": "x86_64", "packageFilename": "bind-debugsource-9.9.2P2-1.19.1.x86_64.rpm", "packageName": "bind-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "9.9.3P2-2.7.1", "arch": "i586", "packageFilename": "bind-chrootenv-9.9.3P2-2.7.1.i586.rpm", "packageName": "bind-chrootenv", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "9.9.2P2-1.19.1", "arch": "x86_64", "packageFilename": "bind-chrootenv-9.9.2P2-1.19.1.x86_64.rpm", "packageName": "bind-chrootenv", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "9.9.2P2-1.19.1", "arch": "x86_64", "packageFilename": "bind-lwresd-9.9.2P2-1.19.1.x86_64.rpm", "packageName": "bind-lwresd", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "9.9.2P2-1.19.1", "arch": "x86_64", "packageFilename": "bind-devel-9.9.2P2-1.19.1.x86_64.rpm", "packageName": "bind-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "9.9.2P2-1.19.1", "arch": "i586", "packageFilename": "bind-libs-9.9.2P2-1.19.1.i586.rpm", "packageName": "bind-libs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "9.9.2P2-1.19.1", "arch": "i586", "packageFilename": "bind-lwresd-debuginfo-9.9.2P2-1.19.1.i586.rpm", "packageName": "bind-lwresd-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "9.9.3P2-2.7.1", "arch": "x86_64", "packageFilename": "bind-libs-debuginfo-32bit-9.9.3P2-2.7.1.x86_64.rpm", "packageName": "bind-libs-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "9.9.2P2-1.19.1", "arch": "i586", "packageFilename": "bind-libs-debuginfo-9.9.2P2-1.19.1.i586.rpm", "packageName": "bind-libs-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "9.9.2P2-1.19.1", "arch": "noarch", "packageFilename": "bind-doc-9.9.2P2-1.19.1.noarch.rpm", "packageName": "bind-doc", "operator": "lt"}], "description": "The BIND nameserver was updated to 9.9.3P2 to fix a\n security issue where incorrect bounds checking on private\n type 'keydata' could lead to a remotely triggerable REQUIRE\n failure. (CVE-2013-4854, bnc#831899)\n\n", "edition": 1, "reporter": "Suse", "published": "2013-08-19T11:04:11", "title": "bind: 9.9.3P2 security and bugfix update (important)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4854"], "modified": "2013-08-19T11:04:11", "id": "OPENSUSE-SU-2013:1353-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00017.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:51:43", "references": ["https://bugzilla.novell.com/831899"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "9.9.2P2-49.1", "packageName": "bind-libs-debuginfo-x86", "packageFilename": "bind-libs-debuginfo-x86-9.9.2P2-49.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "9.9.2P2-49.1", "packageName": "bind-devel", "packageFilename": "bind-devel-9.9.2P2-49.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "9.9.2P2-49.1", "packageName": "bind-debugsource", "packageFilename": "bind-debugsource-9.9.2P2-49.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "9.9.2P2-49.1", "packageName": "bind-lwresd-debuginfo", "packageFilename": "bind-lwresd-debuginfo-9.9.2P2-49.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "9.9.2P2-49.1", "packageName": "bind-devel", "packageFilename": "bind-devel-9.9.2P2-49.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "9.9.2P2-49.1", "packageName": "bind-lwresd-debuginfo", "packageFilename": "bind-lwresd-debuginfo-9.9.2P2-49.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "9.9.2P2-49.1", "packageName": "bind-libs-debuginfo", "packageFilename": "bind-libs-debuginfo-9.9.2P2-49.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "9.9.2P2-49.1", "packageName": "bind-lwresd", "packageFilename": "bind-lwresd-9.9.2P2-49.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "9.9.2P2-49.1", "packageName": "bind-libs", "packageFilename": "bind-libs-9.9.2P2-49.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "9.9.2P2-49.1", "packageName": "bind", "packageFilename": "bind-9.9.2P2-49.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "9.9.2P2-49.1", "packageName": "bind-debugsource", "packageFilename": "bind-debugsource-9.9.2P2-49.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "9.9.2P2-49.1", "packageName": "bind-libs-32bit", "packageFilename": "bind-libs-32bit-9.9.2P2-49.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "9.9.2P2-49.1", "packageName": "bind-debuginfo", "packageFilename": "bind-debuginfo-9.9.2P2-49.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "9.9.2P2-49.1", "packageName": "bind-lwresd", "packageFilename": "bind-lwresd-9.9.2P2-49.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "9.9.2P2-49.1", "packageName": "bind-libs", "packageFilename": "bind-libs-9.9.2P2-49.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "9.9.2P2-49.1", "packageName": "bind-utils", "packageFilename": "bind-utils-9.9.2P2-49.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "9.9.2P2-49.1", "packageName": "bind-doc", "packageFilename": "bind-doc-9.9.2P2-49.1.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "9.9.2P2-49.1", "packageName": "bind-chrootenv", "packageFilename": "bind-chrootenv-9.9.2P2-49.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "9.9.2P2-49.1", "packageName": "bind-utils-debuginfo", "packageFilename": "bind-utils-debuginfo-9.9.2P2-49.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "9.9.2P2-49.1", "packageName": "bind-chrootenv", "packageFilename": "bind-chrootenv-9.9.2P2-49.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "9.9.2P2-49.1", "packageName": "bind-libs-x86", "packageFilename": "bind-libs-x86-9.9.2P2-49.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "9.9.2P2-49.1", "packageName": "bind-utils", "packageFilename": "bind-utils-9.9.2P2-49.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "9.9.2P2-49.1", "packageName": "bind-debuginfo", "packageFilename": "bind-debuginfo-9.9.2P2-49.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "9.9.2P2-49.1", "packageName": "bind-libs-debuginfo-32bit", "packageFilename": "bind-libs-debuginfo-32bit-9.9.2P2-49.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "9.9.2P2-49.1", "packageName": "bind", "packageFilename": "bind-9.9.2P2-49.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "9.9.2P2-49.1", "packageName": "bind-utils-debuginfo", "packageFilename": "bind-utils-debuginfo-9.9.2P2-49.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "9.9.2P2-49.1", "packageName": "bind-libs-debuginfo", "packageFilename": "bind-libs-debuginfo-9.9.2P2-49.1.i586.rpm", "arch": "i586", "operator": "lt"}], "description": "A specially crafted query with malicious rdata could have\n caused a crash (DoS) in named.\n\n", "edition": 1, "reporter": "Suse", "published": "2013-08-19T12:04:10", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "update for bind (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4854"], "modified": "2013-08-19T12:04:10", "id": "OPENSUSE-SU-2013:1354-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00018.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-01-22T13:10:05", "references": ["https://lists.fedoraproject.org/pipermail/package-announce/2013-August/113108.html", "2013-13863"], "pluginID": "866823", "description": "Check for the Version of bind", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-08-20T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for bind FEDORA-2013-13863", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4854"], "modified": "2018-01-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=866823", "id": "OPENVAS:866823", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for bind FEDORA-2013-13863\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866823);\n script_version(\"$Revision: 8483 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 07:58:04 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-20 15:29:55 +0530 (Tue, 20 Aug 2013)\");\n script_cve_id(\"CVE-2013-4854\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"Fedora Update for bind FEDORA-2013-13863\");\n\n tag_insight = \"BIND (Berkeley Internet Name Domain) is an implementation of the DNS\n(Domain Name System) protocols. BIND includes a DNS server (named),\nwhich resolves host names to IP addresses a resolver library\n(routines for applications to use when interfacing with DNS) and\ntools for verifying that the DNS server is operating properly.\n\";\n\n tag_affected = \"bind on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-13863\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-August/113108.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of bind\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.9.3~5.P2.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:57:52", "references": ["http://lists.centos.org/pipermail/centos-announce/2013-July/019879.html", "2013:1114"], "pluginID": "1361412562310881775", "description": "Check for the Version of bind", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-08-01T00:00:00", "title": "CentOS Update for bind CESA-2013:1114 centos6 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4854"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310881775", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881775", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for bind CESA-2013:1114 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server (named) a\nresolver library (routines for applications to use when interfacing with\nDNS) and tools for verifying that the DNS server is operating correctly.\n\nA denial of service flaw was found in BIND. A remote attacker could use\nthis flaw to send a specially-crafted DNS query to named that, when\nprocessed, would cause named to crash when rejecting the malformed query.\n(CVE-2013-4854)\n\nAll bind users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, the BIND daemon (named) will be restarted automatically.\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881775\");\n script_version(\"$Revision: 9353 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:14:20 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-01 18:44:42 +0530 (Thu, 01 Aug 2013)\");\n script_cve_id(\"CVE-2013-4854\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"CentOS Update for bind CESA-2013:1114 centos6 \");\n\n\n tag_affected = \"bind on CentOS 6\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2013:1114\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2013-July/019879.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of bind\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.8.2~0.17.rc1.el6_4.5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.8.2~0.17.rc1.el6_4.5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.8.2~0.17.rc1.el6_4.5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.8.2~0.17.rc1.el6_4.5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-sdb\", rpm:\"bind-sdb~9.8.2~0.17.rc1.el6_4.5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.8.2~0.17.rc1.el6_4.5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-11-23T15:14:06", "references": ["2013:1115-01", "https://www.redhat.com/archives/rhsa-announce/2013-July/msg00033.html"], "pluginID": "1361412562310871022", "description": "The remote host is missing an update for the ", "edition": 7, "reporter": "Copyright (c) 2014 Greenbone Networks GmbH", "published": "2014-05-20T00:00:00", "title": "RedHat Update for bind97 RHSA-2013:1115-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4854"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871022", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871022", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for bind97 RHSA-2013:1115-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871022\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-20 12:45:13 +0530 (Tue, 20 May 2014)\");\n script_cve_id(\"CVE-2013-4854\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"RedHat Update for bind97 RHSA-2013:1115-01\");\n\n\n script_tag(name:\"affected\", value:\"bind97 on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"insight\", value:\"The Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server (named) a\nresolver library (routines for applications to use when interfacing with\nDNS) and tools for verifying that the DNS server is operating correctly.\n\nA denial of service flaw was found in BIND. A remote attacker could use\nthis flaw to send a specially-crafted DNS query to named that, when\nprocessed, would cause named to crash when rejecting the malformed query.\n(CVE-2013-4854)\n\nAll bind97 users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, the BIND daemon (named) will be restarted automatically.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2013:1115-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-July/msg00033.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind97'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind97\", rpm:\"bind97~9.7.0~17.P2.el5_9.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind97-chroot\", rpm:\"bind97-chroot~9.7.0~17.P2.el5_9.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind97-debuginfo\", rpm:\"bind97-debuginfo~9.7.0~17.P2.el5_9.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind97-devel\", rpm:\"bind97-devel~9.7.0~17.P2.el5_9.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind97-libs\", rpm:\"bind97-libs~9.7.0~17.P2.el5_9.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind97-utils\", rpm:\"bind97-utils~9.7.0~17.P2.el5_9.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T13:04:40", "references": ["1910-1", "http://www.ubuntu.com/usn/usn-1910-1/"], "pluginID": "1361412562310841523", "description": "The remote host is missing an update for the ", "edition": 6, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-08-08T00:00:00", "title": "Ubuntu Update for bind9 USN-1910-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4854"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310841523", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841523", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1910_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# Ubuntu Update for bind9 USN-1910-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841523\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-08 11:47:40 +0530 (Thu, 08 Aug 2013)\");\n script_cve_id(\"CVE-2013-4854\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"Ubuntu Update for bind9 USN-1910-1\");\n\n\n script_tag(name:\"affected\", value:\"bind9 on Ubuntu 13.04,\n Ubuntu 12.10,\n Ubuntu 12.04 LTS,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"insight\", value:\"Maxim Shudrak discovered that Bind incorrectly handled certain malformed\nrdata. A remote attacker could use this flaw with a specially crafted\nquery to cause Bind to stop responding, resulting in a denial of service.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"1910-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1910-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind9'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(12\\.04 LTS|10\\.04 LTS|12\\.10|13\\.04)\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"bind9\", ver:\"1:9.8.1.dfsg.P1-4ubuntu0.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libdns81\", ver:\"1:9.8.1.dfsg.P1-4ubuntu0.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"bind9\", ver:\"1:9.7.0.dfsg.P1-1ubuntu0.10\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libdns64\", ver:\"1:9.7.0.dfsg.P1-1ubuntu0.10\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"bind9\", ver:\"1:9.8.1.dfsg.P1-4.2ubuntu3.3\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libdns81\", ver:\"1:9.8.1.dfsg.P1-4.2ubuntu3.3\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"bind9\", ver:\"1:9.9.2.dfsg.P1-2ubuntu2.1\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libdns95\", ver:\"1:9.9.2.dfsg.P1-2ubuntu2.1\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-01-19T15:09:33", "references": ["http://lists.centos.org/pipermail/centos-announce/2013-July/019880.html", "2013:1115"], "pluginID": "881768", "description": "Check for the Version of bind97", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-08-01T00:00:00", "title": "CentOS Update for bind97 CESA-2013:1115 centos5 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4854"], "modified": "2018-01-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881768", "id": "OPENVAS:881768", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for bind97 CESA-2013:1115 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server (named) a\nresolver library (routines for applications to use when interfacing with\nDNS) and tools for verifying that the DNS server is operating correctly.\n\nA denial of service flaw was found in BIND. A remote attacker could use\nthis flaw to send a specially-crafted DNS query to named that, when\nprocessed, would cause named to crash when rejecting the malformed query.\n(CVE-2013-4854)\n\nAll bind97 users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, the BIND daemon (named) will be restarted automatically.\";\n\n\nif(description)\n{\n script_id(881768);\n script_version(\"$Revision: 8466 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 07:58:30 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-01 18:43:24 +0530 (Thu, 01 Aug 2013)\");\n script_cve_id(\"CVE-2013-4854\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"CentOS Update for bind97 CESA-2013:1115 centos5 \");\n\n\n tag_affected = \"bind97 on CentOS 5\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2013:1115\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2013-July/019880.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of bind97\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind97\", rpm:\"bind97~9.7.0~17.P2.el5_9.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind97-chroot\", rpm:\"bind97-chroot~9.7.0~17.P2.el5_9.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind97-devel\", rpm:\"bind97-devel~9.7.0~17.P2.el5_9.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind97-libs\", rpm:\"bind97-libs~9.7.0~17.P2.el5_9.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind97-utils\", rpm:\"bind97-utils~9.7.0~17.P2.el5_9.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-09-28T18:25:28", "references": ["http://linux.oracle.com/errata/ELSA-2013-1114.html"], "pluginID": "1361412562310123592", "description": "Oracle Linux Local Security Checks ELSA-2013-1114", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-10-06T00:00:00", "title": "Oracle Linux Local Check: ELSA-2013-1114", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4854"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123592", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123592", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-1114.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123592\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:05:57 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-1114\");\n script_tag(name:\"insight\", value:\"ELSA-2013-1114 - bind security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-1114\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-1114.html\");\n script_cve_id(\"CVE-2013-4854\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.8.2~0.17.rc1.0.2.el6_4.5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.8.2~0.17.rc1.0.2.el6_4.5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.8.2~0.17.rc1.0.2.el6_4.5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.8.2~0.17.rc1.0.2.el6_4.5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind-sdb\", rpm:\"bind-sdb~9.8.2~0.17.rc1.0.2.el6_4.5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.8.2~0.17.rc1.0.2.el6_4.5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:56:52", "references": ["http://www.debian.org/security/2013/dsa-2728.html"], "pluginID": "1361412562310892728", "description": "Maxim Shudrak and the HP Zero Day Initiative reported a denial of\nservice vulnerability in BIND, a DNS server. A specially crafted query\nthat includes malformed rdata can cause named daemon to terminate with\nan assertion failure while rejecting the malformed query.", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net", "published": "2013-07-27T00:00:00", "title": "Debian Security Advisory DSA 2728-1 (bind9 - denial of service)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4854"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310892728", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892728", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2728.nasl 9353 2018-04-06 07:14:20Z cfischer $\n# Auto-generated from advisory DSA 2728-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"bind9 on Debian Linux\";\ntag_insight = \"The Berkeley Internet Name Domain (BIND) implements an Internet domain\nname server. BIND is the most widely-used name server software on the\nInternet, and is supported by the Internet Software Consortium, www.isc.org.\nThis package provides the server and related configuration files.\";\ntag_solution = \"For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1:9.7.3.dfsg-1~squeeze11.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1:9.8.4.dfsg.P1-6+nmu2+deb7u1.\n\nFor the unstable distribution (sid), this problem will be fixed soon.\n\nWe recommend that you upgrade your bind9 packages.\";\ntag_summary = \"Maxim Shudrak and the HP Zero Day Initiative reported a denial of\nservice vulnerability in BIND, a DNS server. A specially crafted query\nthat includes malformed rdata can cause named daemon to terminate with\nan assertion failure while rejecting the malformed query.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892728\");\n script_version(\"$Revision: 9353 $\");\n script_cve_id(\"CVE-2013-4854\");\n script_name(\"Debian Security Advisory DSA 2728-1 (bind9 - denial of service)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2018-04-06 09:14:20 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value:\"2013-07-27 00:00:00 +0200 (Sat, 27 Jul 2013)\");\n script_tag(name: \"cvss_base\", value:\"7.8\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2013/dsa-2728.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"bind9\", ver:\"1:9.7.3.dfsg-1~squeeze11\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9-doc\", ver:\"1:9.7.3.dfsg-1~squeeze11\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9-host\", ver:\"1:9.7.3.dfsg-1~squeeze11\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9utils\", ver:\"1:9.7.3.dfsg-1~squeeze11\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dnsutils\", ver:\"1:9.7.3.dfsg-1~squeeze11\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"host\", ver:\"1:9.7.3.dfsg-1~squeeze11\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbind-dev\", ver:\"1:9.7.3.dfsg-1~squeeze11\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbind9-60\", ver:\"1:9.7.3.dfsg-1~squeeze11\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdns69\", ver:\"1:9.7.3.dfsg-1~squeeze11\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisc62\", ver:\"1:9.7.3.dfsg-1~squeeze11\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisccc60\", ver:\"1:9.7.3.dfsg-1~squeeze11\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisccfg62\", ver:\"1:9.7.3.dfsg-1~squeeze11\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblwres60\", ver:\"1:9.7.3.dfsg-1~squeeze11\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lwresd\", ver:\"1:9.7.3.dfsg-1~squeeze11\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9-doc\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9-host\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9utils\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dnsutils\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"host\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbind-dev\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbind9-80\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdns88\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisc84\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisccc80\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisccfg82\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblwres80\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lwresd\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-01-18T11:09:26", "references": ["http://lists.centos.org/pipermail/centos-announce/2013-July/019879.html", "2013:1114"], "pluginID": "881775", "description": "Check for the Version of bind", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-08-01T00:00:00", "title": "CentOS Update for bind CESA-2013:1114 centos6 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4854"], "modified": "2018-01-18T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881775", "id": "OPENVAS:881775", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for bind CESA-2013:1114 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server (named) a\nresolver library (routines for applications to use when interfacing with\nDNS) and tools for verifying that the DNS server is operating correctly.\n\nA denial of service flaw was found in BIND. A remote attacker could use\nthis flaw to send a specially-crafted DNS query to named that, when\nprocessed, would cause named to crash when rejecting the malformed query.\n(CVE-2013-4854)\n\nAll bind users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, the BIND daemon (named) will be restarted automatically.\";\n\n\nif(description)\n{\n script_id(881775);\n script_version(\"$Revision: 8456 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-18 07:58:40 +0100 (Thu, 18 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-01 18:44:42 +0530 (Thu, 01 Aug 2013)\");\n script_cve_id(\"CVE-2013-4854\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"CentOS Update for bind CESA-2013:1114 centos6 \");\n\n\n tag_affected = \"bind on CentOS 6\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2013:1114\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2013-July/019879.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of bind\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.8.2~0.17.rc1.el6_4.5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.8.2~0.17.rc1.el6_4.5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.8.2~0.17.rc1.el6_4.5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.8.2~0.17.rc1.el6_4.5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-sdb\", rpm:\"bind-sdb~9.8.2~0.17.rc1.el6_4.5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.8.2~0.17.rc1.el6_4.5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:49:02", "references": ["2013:1114-01", "https://www.redhat.com/archives/rhsa-announce/2013-July/msg00032.html"], "pluginID": "871025", "description": "Check for the Version of bind", "edition": 2, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2014-05-20T00:00:00", "title": "RedHat Update for bind RHSA-2013:1114-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4854"], "modified": "2017-07-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=871025", "id": "OPENVAS:871025", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for bind RHSA-2013:1114-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(871025);\n script_version(\"$Revision: 6688 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:49:31 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-20 12:45:15 +0530 (Tue, 20 May 2014)\");\n script_cve_id(\"CVE-2013-4854\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"RedHat Update for bind RHSA-2013:1114-01\");\n\n tag_insight = \"The Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server (named) a\nresolver library (routines for applications to use when interfacing with\nDNS) and tools for verifying that the DNS server is operating correctly.\n\nA denial of service flaw was found in BIND. A remote attacker could use\nthis flaw to send a specially-crafted DNS query to named that, when\nprocessed, would cause named to crash when rejecting the malformed query.\n(CVE-2013-4854)\n\nAll bind users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, the BIND daemon (named) will be restarted automatically.\n\";\n\n tag_affected = \"bind on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"RHSA\", value: \"2013:1114-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2013-July/msg00032.html\");\n script_summary(\"Check for the Version of bind\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.8.2~0.17.rc1.el6_4.5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.8.2~0.17.rc1.el6_4.5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-debuginfo\", rpm:\"bind-debuginfo~9.8.2~0.17.rc1.el6_4.5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.8.2~0.17.rc1.el6_4.5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.8.2~0.17.rc1.el6_4.5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:48:49", "references": ["2013:1115-01", "https://www.redhat.com/archives/rhsa-announce/2013-July/msg00033.html"], "pluginID": "871022", "description": "Check for the Version of bind97", "edition": 2, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2014-05-20T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "RedHat Update for bind97 RHSA-2013:1115-01", "type": "openvas", "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4854"], "modified": "2017-07-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=871022", "id": "OPENVAS:871022", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for bind97 RHSA-2013:1115-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(871022);\n script_version(\"$Revision: 6688 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:49:31 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-20 12:45:13 +0530 (Tue, 20 May 2014)\");\n script_cve_id(\"CVE-2013-4854\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"RedHat Update for bind97 RHSA-2013:1115-01\");\n\n tag_insight = \"The Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server (named) a\nresolver library (routines for applications to use when interfacing with\nDNS) and tools for verifying that the DNS server is operating correctly.\n\nA denial of service flaw was found in BIND. A remote attacker could use\nthis flaw to send a specially-crafted DNS query to named that, when\nprocessed, would cause named to crash when rejecting the malformed query.\n(CVE-2013-4854)\n\nAll bind97 users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, the BIND daemon (named) will be restarted automatically.\n\";\n\n tag_affected = \"bind97 on Red Hat Enterprise Linux (v. 5 server)\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"RHSA\", value: \"2013:1115-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2013-July/msg00033.html\");\n script_summary(\"Check for the Version of bind97\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind97\", rpm:\"bind97~9.7.0~17.P2.el5_9.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind97-chroot\", rpm:\"bind97-chroot~9.7.0~17.P2.el5_9.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind97-debuginfo\", rpm:\"bind97-debuginfo~9.7.0~17.P2.el5_9.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind97-devel\", rpm:\"bind97-devel~9.7.0~17.P2.el5_9.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind97-libs\", rpm:\"bind97-libs~9.7.0~17.P2.el5_9.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind97-utils\", rpm:\"bind97-utils~9.7.0~17.P2.el5_9.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2017-09-09T07:19:20", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageName": "bind97-debuginfo", "packageFilename": "bind97-debuginfo-9.7.0-17.P2.el5_9.2.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageName": "bind97-debuginfo", "packageFilename": "bind97-debuginfo-9.7.0-17.P2.el5_9.2.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageName": "bind97", "packageFilename": "bind97-9.7.0-17.P2.el5_9.2.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageName": "bind97-chroot", "packageFilename": "bind97-chroot-9.7.0-17.P2.el5_9.2.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageName": "bind97-libs", "packageFilename": "bind97-libs-9.7.0-17.P2.el5_9.2.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageName": "bind97-libs", "packageFilename": "bind97-libs-9.7.0-17.P2.el5_9.2.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageName": "bind97", "packageFilename": "bind97-9.7.0-17.P2.el5_9.2.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageName": "bind97-utils", "packageFilename": "bind97-utils-9.7.0-17.P2.el5_9.2.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageName": "bind97-devel", "packageFilename": "bind97-devel-9.7.0-17.P2.el5_9.2.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageName": "bind97-devel", "packageFilename": "bind97-devel-9.7.0-17.P2.el5_9.2.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageName": "bind97-debuginfo", "packageFilename": "bind97-debuginfo-9.7.0-17.P2.el5_9.2.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageName": "bind97-debuginfo", "packageFilename": "bind97-debuginfo-9.7.0-17.P2.el5_9.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageName": "bind97-devel", "packageFilename": "bind97-devel-9.7.0-17.P2.el5_9.2.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageName": "bind97-devel", "packageFilename": "bind97-devel-9.7.0-17.P2.el5_9.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageName": "bind97-utils", "packageFilename": "bind97-utils-9.7.0-17.P2.el5_9.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageName": "bind97", "packageFilename": "bind97-9.7.0-17.P2.el5_9.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageName": "bind97-chroot", "packageFilename": "bind97-chroot-9.7.0-17.P2.el5_9.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageName": "bind97-libs", "packageFilename": "bind97-libs-9.7.0-17.P2.el5_9.2.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageName": "bind97-libs", "packageFilename": "bind97-libs-9.7.0-17.P2.el5_9.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageName": "bind97-debuginfo", "packageFilename": "bind97-debuginfo-9.7.0-17.P2.el5_9.2.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageName": "bind97-debuginfo", "packageFilename": "bind97-debuginfo-9.7.0-17.P2.el5_9.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageName": "bind97-debuginfo", "packageFilename": "bind97-debuginfo-9.7.0-17.P2.el5_9.2.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageName": "bind97", "packageFilename": "bind97-9.7.0-17.P2.el5_9.2.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageName": "bind97-libs", "packageFilename": "bind97-libs-9.7.0-17.P2.el5_9.2.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageName": "bind97-devel", "packageFilename": "bind97-devel-9.7.0-17.P2.el5_9.2.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageName": "bind97-chroot", "packageFilename": "bind97-chroot-9.7.0-17.P2.el5_9.2.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageName": "bind97-utils", "packageFilename": "bind97-utils-9.7.0-17.P2.el5_9.2.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageName": "bind97", "packageFilename": "bind97-9.7.0-17.P2.el5_9.2.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageName": "bind97-chroot", "packageFilename": "bind97-chroot-9.7.0-17.P2.el5_9.2.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageName": "bind97-libs", "packageFilename": "bind97-libs-9.7.0-17.P2.el5_9.2.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageName": "bind97-devel", "packageFilename": "bind97-devel-9.7.0-17.P2.el5_9.2.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageName": "bind97-utils", "packageFilename": "bind97-utils-9.7.0-17.P2.el5_9.2.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageName": "bind97-chroot", "packageFilename": "bind97-chroot-9.7.0-17.P2.el5_9.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageName": "bind97-utils", "packageFilename": "bind97-utils-9.7.0-17.P2.el5_9.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageName": "bind97", "packageFilename": "bind97-9.7.0-17.P2.el5_9.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageName": "bind97-devel", "packageFilename": "bind97-devel-9.7.0-17.P2.el5_9.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageName": "bind97-libs", "packageFilename": "bind97-libs-9.7.0-17.P2.el5_9.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "The Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server (named); a\nresolver library (routines for applications to use when interfacing with\nDNS); and tools for verifying that the DNS server is operating correctly.\n\nA denial of service flaw was found in BIND. A remote attacker could use\nthis flaw to send a specially-crafted DNS query to named that, when\nprocessed, would cause named to crash when rejecting the malformed query.\n(CVE-2013-4854)\n\nAll bind97 users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, the BIND daemon (named) will be restarted automatically.\n", "reporter": "RedHat", "published": "2013-07-30T04:00:00", "type": "redhat", "title": "(RHSA-2013:1115) Important: bind97 security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-4854"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:08:45", "id": "RHSA-2013:1115", "href": "https://access.redhat.com/errata/RHSA-2013:1115", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-06-12T21:10:27", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "arch": "i686", "packageName": "bind-debuginfo", "packageFilename": "bind-debuginfo-9.8.2-0.17.rc1.el6_4.5.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "arch": "src", "packageName": "bind", "packageFilename": "bind-9.8.2-0.17.rc1.el6_4.5.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "arch": "x86_64", "packageName": "bind-debuginfo", "packageFilename": "bind-debuginfo-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "arch": "i686", "packageName": "bind", "packageFilename": "bind-9.8.2-0.17.rc1.el6_4.5.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "arch": "i686", "packageName": "bind-chroot", "packageFilename": "bind-chroot-9.8.2-0.17.rc1.el6_4.5.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "arch": "i686", "packageName": "bind-devel", "packageFilename": "bind-devel-9.8.2-0.17.rc1.el6_4.5.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "arch": "i686", "packageName": "bind-sdb", "packageFilename": "bind-sdb-9.8.2-0.17.rc1.el6_4.5.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "arch": "x86_64", "packageName": "bind", "packageFilename": "bind-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "arch": "x86_64", "packageName": "bind-chroot", "packageFilename": "bind-chroot-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "arch": "x86_64", "packageName": "bind-devel", "packageFilename": "bind-devel-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "arch": "x86_64", "packageName": "bind-sdb", "packageFilename": "bind-sdb-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "arch": "i686", "packageName": "bind-libs", "packageFilename": "bind-libs-9.8.2-0.17.rc1.el6_4.5.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "arch": "i686", "packageName": "bind-utils", "packageFilename": "bind-utils-9.8.2-0.17.rc1.el6_4.5.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "arch": "x86_64", "packageName": "bind-libs", "packageFilename": "bind-libs-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "arch": "x86_64", "packageName": "bind-utils", "packageFilename": "bind-utils-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "arch": "ppc", "packageName": "bind-debuginfo", "packageFilename": "bind-debuginfo-9.8.2-0.17.rc1.el6_4.5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "arch": "ppc64", "packageName": "bind-debuginfo", "packageFilename": "bind-debuginfo-9.8.2-0.17.rc1.el6_4.5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "arch": "ppc64", "packageName": "bind-devel", "packageFilename": "bind-devel-9.8.2-0.17.rc1.el6_4.5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "arch": "ppc64", "packageName": "bind-sdb", "packageFilename": "bind-sdb-9.8.2-0.17.rc1.el6_4.5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "arch": "ppc", "packageName": "bind-devel", "packageFilename": "bind-devel-9.8.2-0.17.rc1.el6_4.5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "arch": "ppc64", "packageName": "bind", "packageFilename": "bind-9.8.2-0.17.rc1.el6_4.5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "arch": "ppc64", "packageName": "bind-chroot", "packageFilename": "bind-chroot-9.8.2-0.17.rc1.el6_4.5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "arch": "ppc64", "packageName": "bind-libs", "packageFilename": "bind-libs-9.8.2-0.17.rc1.el6_4.5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "arch": "ppc64", "packageName": "bind-utils", "packageFilename": "bind-utils-9.8.2-0.17.rc1.el6_4.5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "arch": "ppc", "packageName": "bind-libs", "packageFilename": "bind-libs-9.8.2-0.17.rc1.el6_4.5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "arch": "s390x", "packageName": "bind-debuginfo", "packageFilename": "bind-debuginfo-9.8.2-0.17.rc1.el6_4.5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "arch": "s390", "packageName": "bind-debuginfo", "packageFilename": "bind-debuginfo-9.8.2-0.17.rc1.el6_4.5.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "arch": "s390", "packageName": "bind-devel", "packageFilename": "bind-devel-9.8.2-0.17.rc1.el6_4.5.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "arch": "s390x", "packageName": "bind-devel", "packageFilename": "bind-devel-9.8.2-0.17.rc1.el6_4.5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "arch": "s390x", "packageName": "bind-sdb", "packageFilename": "bind-sdb-9.8.2-0.17.rc1.el6_4.5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "arch": "s390x", "packageName": "bind", "packageFilename": "bind-9.8.2-0.17.rc1.el6_4.5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "arch": "s390x", "packageName": "bind-chroot", "packageFilename": "bind-chroot-9.8.2-0.17.rc1.el6_4.5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "arch": "s390x", "packageName": "bind-utils", "packageFilename": "bind-utils-9.8.2-0.17.rc1.el6_4.5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "arch": "s390", "packageName": "bind-libs", "packageFilename": "bind-libs-9.8.2-0.17.rc1.el6_4.5.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "arch": "s390x", "packageName": "bind-libs", "packageFilename": "bind-libs-9.8.2-0.17.rc1.el6_4.5.s390x.rpm", "operator": "lt"}], "description": "The Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server (named); a\nresolver library (routines for applications to use when interfacing with\nDNS); and tools for verifying that the DNS server is operating correctly.\n\nA denial of service flaw was found in BIND. A remote attacker could use\nthis flaw to send a specially-crafted DNS query to named that, when\nprocessed, would cause named to crash when rejecting the malformed query.\n(CVE-2013-4854)\n\nAll bind users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, the BIND daemon (named) will be restarted automatically.\n", "reporter": "RedHat", "published": "2013-07-30T04:00:00", "type": "redhat", "title": "(RHSA-2013:1114) Important: bind security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-4854"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:11", "id": "RHSA-2013:1114", "href": "https://access.redhat.com/errata/RHSA-2013:1114", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-06-13T00:00:10", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "6.4-20130815.0.el6_4", "arch": "noarch", "packageName": "rhev-hypervisor6", "packageFilename": "rhev-hypervisor6-6.4-20130815.0.el6_4.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "6.4-20130815.0.el6_4", "arch": "src", "packageName": "rhev-hypervisor6", "packageFilename": "rhev-hypervisor6-6.4-20130815.0.el6_4.src.rpm", "operator": "lt"}], "description": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nUpgrade Note: If you upgrade the Red Hat Enterprise Virtualization\nHypervisor through the 3.2 Manager administration portal, the Host may\nappear with the status of \"Install Failed\". If this happens, place the host\ninto maintenance mode, then activate it again to get the host back to an\n\"Up\" state.\n\nIt was discovered that NSS leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites\nwere used. A remote attacker could possibly use this flaw to retrieve plain\ntext from the encrypted packets by using a TLS/SSL or DTLS server as a\npadding oracle. (CVE-2013-1620)\n\nIt was found that the fix for CVE-2013-0167 released via RHSA-2013:0907\nwas incomplete. A privileged guest user could potentially use this flaw to\nmake the host the guest is running on unavailable to the management\nserver. (CVE-2013-4236)\n\nAn out-of-bounds memory read flaw was found in the way NSS decoded certain\ncertificates. If an application using NSS decoded a malformed certificate,\nit could cause the application to crash. (CVE-2013-0791)\n\nRed Hat would like to thank the Mozilla project for reporting\nCVE-2013-0791. Upstream acknowledges Ambroz Bizjak as the original reporter\nof CVE-2013-0791. The CVE-2013-4236 issue was found by David Gibson of Red\nHat.\n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2013-4854 (bind issue)\n\nCVE-2012-6544, CVE-2013-2146, CVE-2013-2206, CVE-2013-2224, CVE-2013-2232,\nand CVE-2013-2237 (kernel issues)\n\nThis update also contains the fixes from the following errata:\n\n* vdsm: RHSA-2013:1155 and RHBA-2013:1158\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which corrects these issues.\n", "reporter": "RedHat", "published": "2013-08-27T04:00:00", "type": "redhat", "title": "(RHSA-2013:1181) Moderate: rhev-hypervisor6 security and bug fix update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-6544", "CVE-2013-0167", "CVE-2013-0791", "CVE-2013-1620", "CVE-2013-2146", "CVE-2013-2206", "CVE-2013-2224", "CVE-2013-2232", "CVE-2013-2237", "CVE-2013-4236", "CVE-2013-4854"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T08:59:42", "id": "RHSA-2013:1181", "href": "https://access.redhat.com/errata/RHSA-2013:1181", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-18T13:48:25", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "6", "packageVersion": "1:9.7.3.dfsg-1~squeeze11", "arch": "all", "packageFilename": "libisc62_1:9.7.3.dfsg-1~squeeze11_all.deb", "packageName": "libisc62", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "1:9.7.3.dfsg-1~squeeze11", "arch": "all", "packageFilename": "bind9_1:9.7.3.dfsg-1~squeeze11_all.deb", "packageName": "bind9", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "1:9.7.3.dfsg-1~squeeze11", "arch": "all", "packageFilename": "host_1:9.7.3.dfsg-1~squeeze11_all.deb", "packageName": "host", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "1:9.7.3.dfsg-1~squeeze11", "arch": "all", "packageFilename": "lwresd_1:9.7.3.dfsg-1~squeeze11_all.deb", "packageName": "lwresd", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "1:9.7.3.dfsg-1~squeeze11", "arch": "all", "packageFilename": "libdns69_1:9.7.3.dfsg-1~squeeze11_all.deb", "packageName": "libdns69", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "1:9.7.3.dfsg-1~squeeze11", "arch": "all", "packageFilename": "liblwres60_1:9.7.3.dfsg-1~squeeze11_all.deb", "packageName": "liblwres60", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "1:9.7.3.dfsg-1~squeeze11", "arch": "all", "packageFilename": "bind9utils_1:9.7.3.dfsg-1~squeeze11_all.deb", "packageName": "bind9utils", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "1:9.7.3.dfsg-1~squeeze11", "arch": "all", "packageFilename": "libbind-dev_1:9.7.3.dfsg-1~squeeze11_all.deb", "packageName": "libbind-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "1:9.7.3.dfsg-1~squeeze11", "arch": "all", "packageFilename": "libbind9-60_1:9.7.3.dfsg-1~squeeze11_all.deb", "packageName": "libbind9-60", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "1:9.7.3.dfsg-1~squeeze11", "arch": "all", "packageFilename": "bind9-doc_1:9.7.3.dfsg-1~squeeze11_all.deb", "packageName": "bind9-doc", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "1:9.7.3.dfsg-1~squeeze11", "arch": "all", "packageFilename": "libisccc60_1:9.7.3.dfsg-1~squeeze11_all.deb", "packageName": "libisccc60", "operator": "lt"}, {"OS": "Debian", "OSVersion": "7", "packageVersion": "1:9.8.4.dfsg.P1-6+nmu2+deb7u1", "arch": "all", "packageFilename": "bind9_1:9.8.4.dfsg.P1-6+nmu2+deb7u1_all.deb", "packageName": "bind9", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "1:9.7.3.dfsg-1~squeeze11", "arch": "all", "packageFilename": "dnsutils_1:9.7.3.dfsg-1~squeeze11_all.deb", "packageName": "dnsutils", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "1:9.7.3.dfsg-1~squeeze11", "arch": "all", "packageFilename": "bind9-host_1:9.7.3.dfsg-1~squeeze11_all.deb", "packageName": "bind9-host", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "1:9.7.3.dfsg-1~squeeze11", "arch": "all", "packageFilename": "libisccfg62_1:9.7.3.dfsg-1~squeeze11_all.deb", "packageName": "libisccfg62", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2728-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nJuly 27, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : bind9\nVulnerability : denial of service\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-4854\nDebian Bug : 717936\n\nMaxim Shudrak and the HP Zero Day Initiative reported a denial of\nservice vulnerability in BIND, a DNS server. A specially crafted query\nthat includes malformed rdata can cause named daemon to terminate with\nan assertion failure while rejecting the malformed query.\n\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 1:9.7.3.dfsg-1~squeeze11.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1:9.8.4.dfsg.P1-6+nmu2+deb7u1.\n\nFor the unstable distribution (sid), this problem will be fixed soon.\n\nWe recommend that you upgrade your bind9 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "reporter": "Debian", "published": "2013-07-27T13:28:47", "title": "[SECURITY] [DSA 2728-1] bind9 security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-18T13:48:25", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-4854"], "modified": "2013-07-27T13:28:47", "id": "DEBIAN:DSA-2728-1:901CB", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00138.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-11-11T12:55:04", "references": ["https://www.debian.org/security/2013/dsa-2728", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717936", "https://packages.debian.org/source/squeeze/bind9", "https://packages.debian.org/source/wheezy/bind9"], "pluginID": "69094", "description": "Maxim Shudrak and the HP Zero Day Initiative reported a denial of service vulnerability in BIND, a DNS server. A specially crafted query that includes malformed rdata can cause named daemon to terminate with an assertion failure while rejecting the malformed query.", "edition": 8, "reporter": "Tenable", "published": "2013-07-29T00:00:00", "title": "Debian DSA-2728-1 : bind9 - denial of service", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4854"], "modified": "2018-11-10T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:bind9", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-2728.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=69094", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2728. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69094);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/10 11:49:36\");\n\n script_cve_id(\"CVE-2013-4854\");\n script_xref(name:\"DSA\", value:\"2728\");\n\n script_name(english:\"Debian DSA-2728-1 : bind9 - denial of service\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Maxim Shudrak and the HP Zero Day Initiative reported a denial of\nservice vulnerability in BIND, a DNS server. A specially crafted query\nthat includes malformed rdata can cause named daemon to terminate with\nan assertion failure while rejecting the malformed query.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717936\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/bind9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/bind9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2013/dsa-2728\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the bind9 packages.\n\nFor the oldstable distribution (squeeze), this problem has been fixed\nin version 1:9.7.3.dfsg-1~squeeze11.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1:9.8.4.dfsg.P1-6+nmu2+deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bind9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"bind9\", reference:\"1:9.7.3.dfsg-1~squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"bind9-doc\", reference:\"1:9.7.3.dfsg-1~squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"bind9-host\", reference:\"1:9.7.3.dfsg-1~squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"bind9utils\", reference:\"1:9.7.3.dfsg-1~squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"dnsutils\", reference:\"1:9.7.3.dfsg-1~squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"host\", reference:\"1:9.7.3.dfsg-1~squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libbind-dev\", reference:\"1:9.7.3.dfsg-1~squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libbind9-60\", reference:\"1:9.7.3.dfsg-1~squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libdns69\", reference:\"1:9.7.3.dfsg-1~squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libisc62\", reference:\"1:9.7.3.dfsg-1~squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libisccc60\", reference:\"1:9.7.3.dfsg-1~squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libisccfg62\", reference:\"1:9.7.3.dfsg-1~squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"liblwres60\", reference:\"1:9.7.3.dfsg-1~squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"lwresd\", reference:\"1:9.7.3.dfsg-1~squeeze11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"bind9\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"bind9-doc\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"bind9-host\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"bind9utils\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"dnsutils\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"host\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libbind-dev\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libbind9-80\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libdns88\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libisc84\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libisccc80\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libisccfg82\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"liblwres80\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"lwresd\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-11-29T19:21:22", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=988999", "http://www.nessus.org/u?a1ead1d1"], "pluginID": "69210", "description": "- update to 9.9.3-P2 (fix for CVE-2013-4854)\n\n - update RRL patch to 9.9.3-P2-rl.13207.22\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2013-08-05T00:00:00", "title": "Fedora 18 : bind-9.9.3-4.P2.fc18 (2013-13831)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4854"], "modified": "2018-11-28T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:bind"], "id": "FEDORA_2013-13831.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=69210", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-13831.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69210);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/28 22:47:45\");\n\n script_cve_id(\"CVE-2013-4854\");\n script_bugtraq_id(61479);\n script_xref(name:\"FEDORA\", value:\"2013-13831\");\n\n script_name(english:\"Fedora 18 : bind-9.9.3-4.P2.fc18 (2013-13831)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - update to 9.9.3-P2 (fix for CVE-2013-4854)\n\n - update RRL patch to 9.9.3-P2-rl.13207.22\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=988999\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-August/113251.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a1ead1d1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/08/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"bind-9.9.3-4.P2.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:04:38", "references": ["http://support.novell.com/security/cve/CVE-2013-4854.html", "https://bugzilla.novell.com/show_bug.cgi?id=831899"], "pluginID": "69259", "description": "A specially crafted query with malicious rdata could have caused a crash (DoS) in named.", "edition": 4, "reporter": "Tenable", "published": "2013-08-08T00:00:00", "title": "SuSE 11.2 / 11.3 Security Update : bind (SAT Patch Numbers 8160 / 8161)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4854"], "modified": "2013-11-17T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:bind-libs", "p-cpe:/a:novell:suse_linux:11:bind-doc", "p-cpe:/a:novell:suse_linux:11:bind", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:bind-utils", "p-cpe:/a:novell:suse_linux:11:bind-libs-32bit", "p-cpe:/a:novell:suse_linux:11:bind-chrootenv"], "id": "SUSE_11_BIND-130805.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=69259", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69259);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2013/11/17 03:37:30 $\");\n\n script_cve_id(\"CVE-2013-4854\");\n\n script_name(english:\"SuSE 11.2 / 11.3 Security Update : bind (SAT Patch Numbers 8160 / 8161)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A specially crafted query with malicious rdata could have caused a\ncrash (DoS) in named.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=831899\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4854.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 8160 / 8161 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:bind-chrootenv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:bind-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:bind-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/08/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"bind-libs-9.9.3P2-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"bind-utils-9.9.3P2-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"bind-libs-9.9.3P2-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"bind-libs-32bit-9.9.3P2-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"bind-utils-9.9.3P2-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"bind-libs-9.9.3P2-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"bind-utils-9.9.3P2-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"bind-libs-9.9.3P2-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"bind-libs-32bit-9.9.3P2-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"bind-utils-9.9.3P2-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"bind-9.9.3P2-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"bind-chrootenv-9.9.3P2-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"bind-doc-9.9.3P2-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"bind-libs-9.9.3P2-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"bind-utils-9.9.3P2-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"s390x\", reference:\"bind-libs-32bit-9.9.3P2-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"bind-libs-32bit-9.9.3P2-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"bind-9.9.3P2-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"bind-chrootenv-9.9.3P2-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"bind-doc-9.9.3P2-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"bind-libs-9.9.3P2-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"bind-utils-9.9.3P2-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"bind-libs-32bit-9.9.3P2-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"bind-libs-32bit-9.9.3P2-0.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:08:26", "references": ["http://www.nessus.org/u?17f8ea7f"], "pluginID": "69165", "description": "A denial of service flaw was found in BIND. A remote attacker could use this flaw to send a specially crafted DNS query to named that, when processed, would cause named to crash when rejecting the malformed query. (CVE-2013-4854)\n\nAfter installing the update, the BIND daemon (named) will be restarted automatically.", "edition": 4, "reporter": "Tenable", "published": "2013-07-31T00:00:00", "title": "Scientific Linux Security Update : bind on SL6.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4854"], "modified": "2014-08-16T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20130730_BIND_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=69165", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69165);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2014/08/16 19:47:28 $\");\n\n script_cve_id(\"CVE-2013-4854\");\n\n script_name(english:\"Scientific Linux Security Update : bind on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A denial of service flaw was found in BIND. A remote attacker could\nuse this flaw to send a specially crafted DNS query to named that,\nwhen processed, would cause named to crash when rejecting the\nmalformed query. (CVE-2013-4854)\n\nAfter installing the update, the BIND daemon (named) will be restarted\nautomatically.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1307&L=scientific-linux-errata&T=0&P=2189\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?17f8ea7f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"bind-9.8.2-0.17.rc1.el6_4.5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"bind-chroot-9.8.2-0.17.rc1.el6_4.5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"bind-debuginfo-9.8.2-0.17.rc1.el6_4.5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"bind-devel-9.8.2-0.17.rc1.el6_4.5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"bind-libs-9.8.2-0.17.rc1.el6_4.5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"bind-sdb-9.8.2-0.17.rc1.el6_4.5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"bind-utils-9.8.2-0.17.rc1.el6_4.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-11-13T17:05:59", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=831899", "https://lists.opensuse.org/opensuse-updates/2013-08/msg00039.html"], "pluginID": "75123", "description": "The BIND nameserver was updated to 9.9.3P2 to fix a security issue where incorrect bounds checking on private type 'keydata' could lead to a remotely triggerable REQUIRE failure. (CVE-2013-4854, bnc#831899)", "edition": 5, "reporter": "Tenable", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : bind (openSUSE-SU-2013:1353-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4854"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:bind-debugsource", "p-cpe:/a:novell:opensuse:bind-chrootenv", "cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:bind-utils", "p-cpe:/a:novell:opensuse:bind-debuginfo", "p-cpe:/a:novell:opensuse:bind-libs-debuginfo", "p-cpe:/a:novell:opensuse:bind-libs", "p-cpe:/a:novell:opensuse:bind-lwresd-debuginfo", "p-cpe:/a:novell:opensuse:bind-libs-32bit", "p-cpe:/a:novell:opensuse:bind-libs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:bind-lwresd", "p-cpe:/a:novell:opensuse:bind-devel", "p-cpe:/a:novell:opensuse:bind-utils-debuginfo", "cpe:/o:novell:opensuse:12.2", "p-cpe:/a:novell:opensuse:bind"], "id": "OPENSUSE-2013-654.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75123", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-654.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75123);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/10 11:50:01\");\n\n script_cve_id(\"CVE-2013-4854\");\n\n script_name(english:\"openSUSE Security Update : bind (openSUSE-SU-2013:1353-1)\");\n script_summary(english:\"Check for the openSUSE-2013-654 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The BIND nameserver was updated to 9.9.3P2 to fix a security issue\nwhere incorrect bounds checking on private type 'keydata' could lead\nto a remotely triggerable REQUIRE failure. (CVE-2013-4854, bnc#831899)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=831899\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-08/msg00039.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-chrootenv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-libs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-lwresd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-lwresd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2|SUSE12\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2 / 12.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"bind-9.9.2P2-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"bind-chrootenv-9.9.2P2-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"bind-debuginfo-9.9.2P2-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"bind-debugsource-9.9.2P2-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"bind-devel-9.9.2P2-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"bind-libs-9.9.2P2-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"bind-libs-debuginfo-9.9.2P2-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"bind-lwresd-9.9.2P2-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"bind-lwresd-debuginfo-9.9.2P2-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"bind-utils-9.9.2P2-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"bind-utils-debuginfo-9.9.2P2-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"bind-libs-32bit-9.9.2P2-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"bind-libs-debuginfo-32bit-9.9.2P2-1.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"bind-9.9.3P2-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"bind-chrootenv-9.9.3P2-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"bind-debuginfo-9.9.3P2-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"bind-debugsource-9.9.3P2-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"bind-devel-9.9.3P2-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"bind-libs-9.9.3P2-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"bind-libs-debuginfo-9.9.3P2-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"bind-lwresd-9.9.3P2-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"bind-lwresd-debuginfo-9.9.3P2-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"bind-utils-9.9.3P2-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"bind-utils-debuginfo-9.9.3P2-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"bind-libs-32bit-9.9.3P2-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"bind-libs-debuginfo-32bit-9.9.3P2-2.7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-11-17T02:51:24", "references": ["https://www.zerodayinitiative.com/advisories/ZDI-13-210/", "https://kc.mcafee.com/corporate/index?page=content&id=SB10052"], "pluginID": "76118", "description": "The remote host has a version of McAfee Firewall Enterprise installed that is affected by a denial of service vulnerability due to a flaw in the packaged ISC BIND server. An attacker can exploit this by sending a specially crafted query with a malformed RDATA section.", "edition": 8, "reporter": "Tenable", "published": "2014-06-18T00:00:00", "title": "McAfee Firewall Enterprise DoS (SB10052)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Firewalls", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4854"], "modified": "2018-11-15T00:00:00", "cpe": ["x-cpe:/a:mcafee:firewall_enterprise"], "id": "MCAFEE_FIREWALL_ENTERPRISE_SB10052.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=76118", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76118);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/15 20:50:22\");\n\n script_cve_id(\"CVE-2013-4854\");\n script_bugtraq_id(61479);\n script_xref(name:\"MCAFEE-SB\", value:\"SB10052\");\n\n script_name(english:\"McAfee Firewall Enterprise DoS (SB10052)\");\n script_summary(english:\"Checks version of MFE.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by a denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host has a version of McAfee Firewall Enterprise installed\nthat is affected by a denial of service vulnerability due to a flaw in\nthe packaged ISC BIND server. An attacker can exploit this by sending\na specially crafted query with a malformed RDATA section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kc.mcafee.com/corporate/index?page=content&id=SB10052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-13-210/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch referenced in the vendor security\nadvisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/a:mcafee:firewall_enterprise\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Firewalls\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mcafee_firewall_enterprise_version.nbin\");\n script_require_keys(\"Host/McAfeeFE/version\", \"Host/McAfeeFE/version_display\", \"Host/McAfeeFE/installed_patches\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = \"McAfee Firewall Enterprise\";\nversion = get_kb_item_or_exit(\"Host/McAfeeFE/version\");\nversion_display = get_kb_item_or_exit(\"Host/McAfeeFE/version_display\");\ninstalled_patches = get_kb_item_or_exit(\"Host/McAfeeFE/installed_patches\");\nhotfix = \"8.3.1E100\";\nhotfix_display = \"8.3.1 ePatch 100\";\n\n# Only 8.3.1 is affected. Furthermore, only Patch level 1 and below are affected.\nif (version !~ \"^8\\.3\\.1\\.\" || ver_compare(ver:version, fix:\"8.3.1.1\", strict:FALSE) == 1) audit(AUDIT_INST_VER_NOT_VULN, version_display);\n\nif (hotfix >!< installed_patches)\n{\n port = 0;\n\n if (report_verbosity > 0)\n {\n report = \n '\\n Installed Version : ' + version_display +\n '\\n Patched Version : ' + hotfix_display +\n '\\n';\n security_hole(extra:report, port:port);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_PATCH_INSTALLED, hotfix_display,app_name);\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-11-13T16:44:58", "references": ["https://kb.isc.org/article/AA-01015", "https://access.redhat.com/security/cve/cve-2013-4854", "https://access.redhat.com/errata/RHSA-2013:1114"], "pluginID": "69110", "description": "Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nA denial of service flaw was found in BIND. A remote attacker could use this flaw to send a specially crafted DNS query to named that, when processed, would cause named to crash when rejecting the malformed query. (CVE-2013-4854)\n\nAll bind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.", "edition": 8, "reporter": "Tenable", "published": "2013-07-30T00:00:00", "title": "RHEL 6 : bind (RHSA-2013:1114)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4854"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:bind-chroot", "p-cpe:/a:redhat:enterprise_linux:bind-devel", "cpe:/o:redhat:enterprise_linux:6.4", "p-cpe:/a:redhat:enterprise_linux:bind-libs", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:bind-utils", "p-cpe:/a:redhat:enterprise_linux:bind", "p-cpe:/a:redhat:enterprise_linux:bind-sdb", "p-cpe:/a:redhat:enterprise_linux:bind-debuginfo"], "id": "REDHAT-RHSA-2013-1114.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=69110", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1114. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69110);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/11/10 11:49:52\");\n\n script_cve_id(\"CVE-2013-4854\");\n script_bugtraq_id(61479);\n script_xref(name:\"RHSA\", value:\"2013:1114\");\n\n script_name(english:\"RHEL 6 : bind (RHSA-2013:1114)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated bind packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nA denial of service flaw was found in BIND. A remote attacker could\nuse this flaw to send a specially crafted DNS query to named that,\nwhen processed, would cause named to crash when rejecting the\nmalformed query. (CVE-2013-4854)\n\nAll bind users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, the BIND daemon (named) will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://kb.isc.org/article/AA-01015\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:1114\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4854\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1114\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"bind-9.8.2-0.17.rc1.el6_4.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"bind-9.8.2-0.17.rc1.el6_4.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"bind-9.8.2-0.17.rc1.el6_4.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"bind-chroot-9.8.2-0.17.rc1.el6_4.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"bind-chroot-9.8.2-0.17.rc1.el6_4.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"bind-chroot-9.8.2-0.17.rc1.el6_4.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"bind-debuginfo-9.8.2-0.17.rc1.el6_4.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"bind-devel-9.8.2-0.17.rc1.el6_4.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"bind-libs-9.8.2-0.17.rc1.el6_4.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"bind-sdb-9.8.2-0.17.rc1.el6_4.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"bind-sdb-9.8.2-0.17.rc1.el6_4.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"bind-sdb-9.8.2-0.17.rc1.el6_4.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"bind-utils-9.8.2-0.17.rc1.el6_4.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"bind-utils-9.8.2-0.17.rc1.el6_4.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"bind-utils-9.8.2-0.17.rc1.el6_4.5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-debuginfo / bind-devel / bind-libs / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-11-29T19:15:45", "references": ["http://www.nessus.org/u?294f9597", "https://bugzilla.redhat.com/show_bug.cgi?id=988999"], "pluginID": "69211", "description": "- update to 9.9.3-P2 (fix for CVE-2013-4854)\n\n - update RRL patch to 9.9.3-P2-rl.13207.22\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2013-08-05T00:00:00", "title": "Fedora 19 : bind-9.9.3-5.P2.fc19 (2013-13863)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4854"], "modified": "2018-11-28T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:19", "p-cpe:/a:fedoraproject:fedora:bind"], "id": "FEDORA_2013-13863.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=69211", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-13863.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69211);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/28 22:47:45\");\n\n script_cve_id(\"CVE-2013-4854\");\n script_bugtraq_id(61479);\n script_xref(name:\"FEDORA\", value:\"2013-13863\");\n\n script_name(english:\"Fedora 19 : bind-9.9.3-5.P2.fc19 (2013-13863)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - update to 9.9.3-P2 (fix for CVE-2013-4854)\n\n - update RRL patch to 9.9.3-P2-rl.13207.22\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=988999\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-August/113108.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?294f9597\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/08/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"bind-9.9.3-5.P2.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-12-02T15:20:48", "references": ["https://usn.ubuntu.com/1910-1/"], "pluginID": "69119", "description": "Maxim Shudrak discovered that Bind incorrectly handled certain malformed rdata. A remote attacker could use this flaw with a specially crafted query to cause Bind to stop responding, resulting in a denial of service.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 7, "reporter": "Tenable", "published": "2013-07-30T00:00:00", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : bind9 vulnerability (USN-1910-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4854"], "modified": "2018-12-01T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libdns95", "p-cpe:/a:canonical:ubuntu_linux:bind9", "p-cpe:/a:canonical:ubuntu_linux:libdns81", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libdns64", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:canonical:ubuntu_linux:13.04", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1910-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=69119", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1910-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69119);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/12/01 13:19:08\");\n\n script_cve_id(\"CVE-2013-4854\");\n script_xref(name:\"USN\", value:\"1910-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : bind9 vulnerability (USN-1910-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Maxim Shudrak discovered that Bind incorrectly handled certain\nmalformed rdata. A remote attacker could use this flaw with a\nspecially crafted query to cause Bind to stop responding, resulting in\na denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1910-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:bind9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libdns64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libdns81\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libdns95\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04|12\\.04|12\\.10|13\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04 / 12.10 / 13.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"bind9\", pkgver:\"1:9.7.0.dfsg.P1-1ubuntu0.10\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libdns64\", pkgver:\"1:9.7.0.dfsg.P1-1ubuntu0.10\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"bind9\", pkgver:\"1:9.8.1.dfsg.P1-4ubuntu0.7\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libdns81\", pkgver:\"1:9.8.1.dfsg.P1-4ubuntu0.7\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"bind9\", pkgver:\"1:9.8.1.dfsg.P1-4.2ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"libdns81\", pkgver:\"1:9.8.1.dfsg.P1-4.2ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"13.04\", pkgname:\"bind9\", pkgver:\"1:9.9.2.dfsg.P1-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"13.04\", pkgname:\"libdns95\", pkgver:\"1:9.9.2.dfsg.P1-2ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind9 / libdns64 / libdns81 / libdns95\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:47:37", "references": ["https://kc.mcafee.com/corporate/index?page=content&id=SB10052"], "pluginID": "76120", "description": "The remote host has a version of McAfee Web Gateway (MWG) prior to 7.3.2.2. It is, therefore, affected by a denial of service vulnerability due to a flaw in the packaged ISC BIND server. An attacker can exploit this vulnerability by sending a specially crafted query with a malformed RDATA section.", "edition": 6, "reporter": "Tenable", "published": "2014-06-18T00:00:00", "title": "McAfee Web Gateway < 7.3.2.2 DoS (SB10052)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Misc.", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4854"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/a:mcafee:web_gateway"], "id": "MCAFEE_WEB_GATEWAY_SB10052.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=76120", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76120);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/07/14 1:59:37\");\n\n script_cve_id(\"CVE-2013-4854\");\n script_bugtraq_id(61479);\n script_xref(name:\"MCAFEE-SB\", value:\"SB10052\");\n\n script_name(english:\"McAfee Web Gateway < 7.3.2.2 DoS (SB10052)\");\n script_summary(english:\"Checks version of MWG.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote host is affected by a denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host has a version of McAfee Web Gateway (MWG) prior to\n7.3.2.2. It is, therefore, affected by a denial of service\nvulnerability due to a flaw in the packaged ISC BIND server. An\nattacker can exploit this vulnerability by sending a specially crafted\nquery with a malformed RDATA section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kc.mcafee.com/corporate/index?page=content&id=SB10052\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to 7.3.2.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mcafee:web_gateway\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mcafee_web_gateway_detect.nbin\");\n script_require_keys(\"Host/McAfee Web Gateway/Version\", \"Host/McAfee Web Gateway/Display Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = \"McAfee Web Gateway\";\nversion = get_kb_item_or_exit(\"Host/McAfee Web Gateway/Version\");\nversion_display = get_kb_item_or_exit(\"Host/McAfee Web Gateway/Display Version\");\nfix = NULL;\n\nif (version =~ \"^7\\.3\\.2\\.\")\n{\n fix = \"7.3.2.2\";\n fix_display = \"7.3.2.2 Build 15726\";\n}\n\nif (fix && ver_compare(ver:version, fix:fix, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + version_display +\n '\\n Fixed version : ' + fix_display +\n '\\n';\n security_hole(extra:report, port:0);\n }\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, app_name, version_display);\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:48", "references": [], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n=============================================================================\r\nFreeBSD-SA-13:07.bind Security Advisory\r\n The FreeBSD Project\r\n\r\nTopic: BIND remote denial of service\r\n\r\nCategory: contrib\r\nModule: bind\r\nAnnounced: 2013-07-26\r\nCredits: Maxim Shudrak and the HP Zero Day Initiative, ISC\r\nAffects: FreeBSD 8.4-RELEASE and FreeBSD 9.x\r\nCorrected: 2013-07-26 22:53:17 UTC &#40;stable/8, 8.4-STABLE&#41;\r\n 2013-07-26 22:40:17 UTC &#40;releng/8.4, 8.4-RELEASE-p2&#41;\r\n 2013-07-26 22:43:09 UTC &#40;stable/9, 9.2-BETA2&#41;\r\n 2013-07-26 22:40:23 UTC &#40;releng/9.1, 9.1-RELEASE-p5&#41;\r\nCVE Name: CVE-2013-4854\r\n\r\nFor general information regarding FreeBSD Security Advisories,\r\nincluding descriptions of the fields above, security branches, and the\r\nfollowing sections, please visit &lt;URL:http://security.FreeBSD.org/&gt;.\r\n\r\nI. Background\r\n\r\nBIND 9 is an implementation of the Domain Name System &#40;DNS&#41; protocols.\r\nThe named&#40;8&#41; daemon is an Internet Domain Name Server. The libdns\r\nlibrary is a library of DNS protocol support functions.\r\n\r\nII. Problem Description\r\n\r\nDue to a software defect a specially crafted query which includes\r\nmalformed rdata, could cause named&#40;8&#41; to crash with an assertion\r\nfailure and rejecting the malformed query. This issue affects both\r\nrecursive and authoritative-only nameservers.\r\n\r\nIII. Impact\r\n\r\nAn attacker who can send a specially crafted query could cause named&#40;8&#41;\r\nto crash, resulting in a denial of service.\r\n\r\nIV. Workaround\r\n\r\nNo workaround is available, but systems not running the named&#40;8&#41; service\r\nand not using the base system DNS utilities are not affected.\r\n\r\nV. Solution\r\n\r\nPerform one of the following:\r\n\r\n1&#41; Upgrade your vulnerable system to a supported FreeBSD stable or\r\nrelease / security branch &#40;releng&#41; dated after the correction date.\r\n\r\n2&#41; To update your vulnerable system via a source code patch:\r\n\r\nThe following patches have been verified to apply to the applicable\r\nFreeBSD release branches.\r\n\r\na&#41; Download the relevant patch from the location below, and verify the\r\ndetached PGP signature using your PGP utility.\r\n\r\n# fetch http://security.FreeBSD.org/patches/SA-13:07/bind.patch\r\n# fetch http://security.FreeBSD.org/patches/SA-13:07/bind.patch.asc\r\n# gpg --verify bind.patch.asc\r\n\r\nb&#41; Execute the following commands as root:\r\n\r\n# cd /usr/src\r\n# patch &lt; /path/to/patch\r\n\r\nRecompile the operating system using buildworld and installworld as\r\ndescribed in &lt;URL:http://www.FreeBSD.org/handbook/makeworld.html&gt;.\r\n\r\nRestart the named daemon, or reboot the system.\r\n\r\n3&#41; To update your vulnerable system via a binary patch:\r\n\r\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\r\nplatforms can be updated via the freebsd-update&#40;8&#41; utility:\r\n\r\n# freebsd-update fetch\r\n# freebsd-update install\r\n\r\nVI. Correction details\r\n\r\nThe following list contains the correction revision numbers for each\r\naffected branch.\r\n\r\nBranch/path Revision\r\n- -------------------------------------------------------------------------\r\nstable/8/ r253696\r\nreleng/8.4/ r253692\r\nstable/9/ r253695\r\nreleng/9.1/ r253693\r\n- -------------------------------------------------------------------------\r\n\r\nTo see which files were modified by a particular revision, run the\r\nfollowing command, replacing XXXXXX with the revision number, on a\r\nmachine with Subversion installed:\r\n\r\n# svn diff -cXXXXXX --summarize svn://svn.freebsd.org/base\r\n\r\nOr visit the following URL, replacing XXXXXX with the revision number:\r\n\r\n&lt;URL:http://svnweb.freebsd.org/base?view=revision&amp;revision=XXXXXX&gt;\r\n\r\nVII. References\r\n\r\nhttps://kb.isc.org/article/AA-01015\r\n\r\n&lt;URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4854&gt;\r\n\r\nThe latest revision of this advisory is available at\r\nhttp://security.FreeBSD.org/advisories/FreeBSD-SA-13:07.bind.asc\r\n-----BEGIN PGP SIGNATURE-----\r\n\r\niEYEARECAAYFAlHzPpMACgkQFdaIBMps37Jb2ACdFqaNTTBFiOCuz30MJ5s85UVd\r\nMzoAn2ebCjqULwyEbJaeTlck87NPfQWR\r\n=RFf2\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2013-07-29T00:00:00", "title": "FreeBSD Security Advisory FreeBSD-SA-13:07.bind", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:48", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2013-4854"], "modified": "2013-07-29T00:00:00", "id": "SECURITYVULNS:DOC:29663", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29663", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:52", "references": ["https://vulners.com/securityvulns/securityvulns:doc:29663"], "description": "assert&#40;&#41; on client request processing.", "edition": 1, "reporter": "BUGTRAQ", "published": "2013-07-29T00:00:00", "title": "ISC bind DoS", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:52", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "bind", "version": "9.9", "operator": "eq"}], "cvelist": ["CVE-2013-4854"], "modified": "2013-07-29T00:00:00", "id": "SECURITYVULNS:VULN:13223", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13223", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:54", "references": [], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2014-10-16-3 OS X Server v4.0\r\n\r\nOS X Server v4.0 is now available and addresses the following:\r\n\r\nBIND\r\nAvailable for: OS X Yosemite v10.10 or later\r\nImpact: Multiple vulnerabilities in BIND, the most serious of which\r\nmay lead to a denial of service\r\nDescription: Multiple vulnerabilities existed in BIND. These issues\r\nwere addressed by updating BIND to version 9.9.2-P2\r\nCVE-ID\r\nCVE-2013-3919\r\nCVE-2013-4854\r\nCVE-2014-0591\r\n\r\nCoreCollaboration\r\nAvailable for: OS X Yosemite v10.10 or later\r\nImpact: A remote attacker may be able to execute arbitrary SQL\r\nqueries\r\nDescription: A SQL injection issue existed in Wiki Server. This\r\nissue was addressed through additional validation of SQL queries.\r\nCVE-ID\r\nCVE-2014-4424 : Sajjad Pourali &#40;sajjad@securation.com&#41; of CERT of\r\nFerdowsi University of Mashhad\r\n\r\nCoreCollaboration\r\nAvailable for: OS X Yosemite v10.10 or later\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack\r\nDescription: A cross-site scripting issue existed in Xcode Server.\r\nThis issue was addressed through improved encoding of HTML output.\r\nCVE-ID\r\nCVE-2014-4406 : David Hoyt of Hoyt LLC\r\n\r\nCoreCollaboration\r\nAvailable for: OS X Yosemite v10.10 or later\r\nImpact: Multiple vulnerabilities in PostgreSQL, the most serious of\r\nwhich may lead to arbitrary code execution\r\nDescription: Multiple vulnerabilities existed in PostgreSQL. These\r\nissues were addressed by updating PostgreSQL to version 9.2.7.\r\nCVE-ID\r\nCVE-2014-0060\r\nCVE-2014-0061\r\nCVE-2014-0062\r\nCVE-2014-0063\r\nCVE-2014-0064\r\nCVE-2014-0065\r\nCVE-2014-0066\r\n\r\nMail Service\r\nAvailable for: OS X Yosemite v10.10 or later\r\nImpact: Group SACL changes for Mail may not be respected until after\r\na restart of the Mail service\r\nDescription: SACL settings for Mail were cached and changes to the\r\nSACLs were not respected until after a restart of the Mail service.\r\nThis issue was addressed by resetting the cache upon changes to the\r\nSACLs.\r\nCVE-ID\r\nCVE-2014-4446 : Craig Courtney\r\n\r\nProfile Manager\r\nAvailable for: OS X Yosemite v10.10 or later\r\nImpact: Multiple vulnerabilities in LibYAML, the most serious of\r\nwhich may lead to arbitrary code execution\r\nDescription: Multiple vulnerabilities existed in LibYAML. These\r\nissues were addressed by switching from YAML to JSON as Profile\r\nManager&#39;s internal serialization format.\r\nCVE-ID\r\nCVE-2013-4164\r\nCVE-2013-6393\r\n\r\nProfile Manager\r\nAvailable for: OS X Yosemite v10.10 or later\r\nImpact: A local user may obtain passwords after setting up or\r\nediting profiles in Profile Manager\r\nDescription: In certain circumstances, setting up or editing\r\nprofiles in Profile Manager may have logged passwords to a file. This\r\nissue was addressed through improved handling of credentials.\r\nCVE-ID\r\nCVE-2014-4447 : Mayo Jordanov\r\n\r\nServer\r\nAvailable for: OS X Yosemite v10.10 or later\r\nImpact: An attacker may be able to decrypt data protected by SSL\r\nDescription: There are known attacks on the confidentiality of SSL\r\n3.0 when a cipher suite uses a block cipher in CBC mode. An attacker\r\ncould force the use of SSL 3.0, even when the server would support a\r\nbetter TLS version, by blocking TLS 1.0 and higher connection\r\nattempts. This issue was addressed by disabling SSL 3.0 support in\r\nWeb Server, Calendar &amp; Contacts Server, and Remote Administration.\r\nCVE-ID\r\nCVE-2014-3566 : Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of\r\nGoogle Security Team\r\n\r\nServerRuby\r\nAvailable for: OS X Yosemite v10.10 or later\r\nImpact: Running a Ruby script that handles untrusted YAML tags may\r\nlead to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: An integer overflow issue existed in LibYAML&#39;s handling\r\nof YAML tags. This issue was addressed through additional validation\r\nof YAML tags. This issue does not affect systems prior to OS X\r\nMavericks.\r\nCVE-ID\r\nCVE-2013-6393\r\n\r\n\r\nOS X Server v4.0 may be obtained from the Mac App Store.\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple&#39;s Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.22 &#40;Darwin&#41;\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJUQCLKAAoJEBcWfLTuOo7tqr0P/1fGVeD8xAAgMRpH/hYYkKpj\r\nCGKAUBfTXM9clAhUHP1Es+T1qG67JX9CNrrl5yKMQCupojgNIkO1D0Pj5QlLZzkL\r\nHR6AgI8eYeykiw8VRFI8DC7f3q/A1aRrijj8bPQ6BoPUq28Vya/GjEAMxV1l21l1\r\nqLyNiDH8X8DC/CWyxOXVMD4yqIpzCOPEIAvgV1aB0z1UEdw7fLLBCEIAkNR3tL9M\r\n5OlRT8X4dzpx3YpTvlB9s7zIAPtLgTjcVpPbkT2yJ9OZsewml2aFM7NWDYpYhIRg\r\nz7bOMmKZep15a+XeXH7cdqXMfHW/XGdkYF/4Z85wHG44Kebaikq+K0XoTxjHlqXi\r\n9rtNdcwh+p4DxTQNO0fK7WbfAo7FiF6aonY9D9hp47jbhB9KODVeOpqo6B7sOudq\r\ntBAAS1pBbrsULUWRCZRaN3LlPigtInqIIPuLGVQx4ApUo1guxXb0A88ZU3yiR+Bl\r\nRJHAEoevKjqhLiZDt1V8sSk6sPAh7p02deP5RDIwNJfapP+RrXoJ6knexRD44kNb\r\nMwVD6a2EcOoRFgwcjvgFZ1etpoHT/VAs7Ql/GjWN5snDLsZ/vlGtSPn1i3kjkxBZ\r\noYDmJfC91RoC6exW7img3H9csN0sgtVGJRLrf6cdg41EjVjQaUUVQfBn/DVVyMb8\r\nfIWnhQEvESJVqfrk3Q3X\r\n=LbVb\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2014-10-18T00:00:00", "title": "APPLE-SA-2014-10-16-3 OS X Server v4.0", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:54", "vector": "NONE", "value": 6.8}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2014-3566", "CVE-2014-4424", "CVE-2014-4406", "CVE-2013-3919", "CVE-2014-0065", "CVE-2014-0064", "CVE-2014-0591", "CVE-2014-0063", "CVE-2013-6393", "CVE-2014-0060", "CVE-2014-0062", "CVE-2014-4446", "CVE-2013-4854", "CVE-2014-0066", "CVE-2013-4164", "CVE-2014-4447", "CVE-2014-0061"], "modified": "2014-10-18T00:00:00", "id": "SECURITYVULNS:DOC:31300", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31300", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:57", "references": ["https://vulners.com/securityvulns/securityvulns:doc:31302", "https://vulners.com/securityvulns/securityvulns:doc:31301", "https://vulners.com/securityvulns/securityvulns:doc:31300", "https://vulners.com/securityvulns/securityvulns:doc:31303", "https://vulners.com/securityvulns/securityvulns:doc:31299"], "description": "62 vulnerabilities in different system components.", "edition": 1, "reporter": "BUGTRAQ", "published": "2014-10-18T00:00:00", "title": "Apple OS X / OS X Server multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:57", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "OS X Server", "version": "3.2", "operator": "eq"}, {"name": "OS X Server", "version": "2.2", "operator": "eq"}, {"name": "MacOS X", "version": "10.9", "operator": "eq"}], "cvelist": ["CVE-2014-4433", "CVE-2014-3566", "CVE-2014-4371", "CVE-2014-4430", "CVE-2014-4437", "CVE-2014-4405", "CVE-2014-4351", "CVE-2014-4422", "CVE-2014-4424", "CVE-2014-4441", "CVE-2014-4428", "CVE-2014-4444", "CVE-2014-4388", "CVE-2014-7169", "CVE-2014-4391", "CVE-2014-4443", "CVE-2014-4375", "CVE-2014-4406", "CVE-2014-4421", "CVE-2014-0098", "CVE-2013-3919", "CVE-2014-4440", "CVE-2014-0065", "CVE-2014-4431", "CVE-2013-6438", "CVE-2014-4408", "CVE-2014-4426", "CVE-2014-3537", "CVE-2014-0064", "CVE-2014-0591", "CVE-2014-4439", "CVE-2014-0063", "CVE-2014-4438", "CVE-2013-5150", "CVE-2014-6271", "CVE-2013-6393", "CVE-2014-4434", "CVE-2014-0060", "CVE-2014-4425", "CVE-2014-4417", "CVE-2014-4442", "CVE-2014-0062", "CVE-2014-4446", "CVE-2014-4418", "CVE-2014-4404", "CVE-2014-4420", "CVE-2013-4854", "CVE-2014-0066", "CVE-2014-4427", "CVE-2014-4435", "CVE-2011-2391", "CVE-2014-4407", "CVE-2013-4164", "CVE-2014-4447", "CVE-2014-4436", "CVE-2014-4432", "CVE-2014-4380", "CVE-2014-0061", "CVE-2014-4364", "CVE-2014-4419", "CVE-2014-4373"], "modified": "2014-10-18T00:00:00", "id": "SECURITYVULNS:VULN:14050", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14050", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "zdi": [{"lastseen": "2016-11-09T00:17:51", "references": ["https://kb.isc.org/article/AA-01015/0/CVE-2013-4854%3A-A-specially-crafted-query-can-cause-BIND-to-terminate-abnormally.html"], "edition": 2, "description": "This vulnerability allows remote attackers to cause a denial of service condition on vulnerable installations of ISC BIND. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of an rdata section with a length that is less than four. The issue lies in the creation of an error message when an invalid message class is specified. An attacker can leverage this vulnerability to crash a remote instance of ISC BIND.", "reporter": "Maxim Shudrak", "published": "2013-08-13T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "ISC BIND rdata Denial Of Service Vulnerability", "type": "zdi", "bulletinFamily": "info", "cvelist": ["CVE-2013-4854"], "modified": "2013-11-09T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-13-210", "id": "ZDI-13-210", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:38:29", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "arch": "i386", "packageFilename": "bind97-chroot-9.7.0-17.P2.el5_9.2.i386.rpm", "packageName": "bind97-chroot", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "arch": "i386", "packageFilename": "bind97-libs-9.7.0-17.P2.el5_9.2.i386.rpm", "packageName": "bind97-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "arch": "i386", "packageFilename": "bind97-libs-9.7.0-17.P2.el5_9.2.i386.rpm", "packageName": "bind97-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "arch": "ia64", "packageFilename": "bind97-devel-9.7.0-17.P2.el5_9.2.ia64.rpm", "packageName": "bind97-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "arch": "i386", "packageFilename": "bind97-devel-9.7.0-17.P2.el5_9.2.i386.rpm", "packageName": "bind97-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "arch": "i386", "packageFilename": "bind97-devel-9.7.0-17.P2.el5_9.2.i386.rpm", "packageName": "bind97-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "arch": "i386", "packageFilename": "bind97-9.7.0-17.P2.el5_9.2.i386.rpm", "packageName": "bind97", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "arch": "x86_64", "packageFilename": "bind97-chroot-9.7.0-17.P2.el5_9.2.x86_64.rpm", "packageName": "bind97-chroot", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "arch": "x86_64", "packageFilename": "bind97-devel-9.7.0-17.P2.el5_9.2.x86_64.rpm", "packageName": "bind97-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "arch": "x86_64", "packageFilename": "bind97-9.7.0-17.P2.el5_9.2.x86_64.rpm", "packageName": "bind97", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "arch": "x86_64", "packageFilename": "bind97-libs-9.7.0-17.P2.el5_9.2.x86_64.rpm", "packageName": "bind97-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "arch": "src", "packageFilename": "bind97-9.7.0-17.P2.el5_9.2.src.rpm", "packageName": "bind97", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "arch": "src", "packageFilename": "bind97-9.7.0-17.P2.el5_9.2.src.rpm", "packageName": "bind97", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "arch": "src", "packageFilename": "bind97-9.7.0-17.P2.el5_9.2.src.rpm", "packageName": "bind97", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "arch": "ia64", "packageFilename": "bind97-9.7.0-17.P2.el5_9.2.ia64.rpm", "packageName": "bind97", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "arch": "x86_64", "packageFilename": "bind97-utils-9.7.0-17.P2.el5_9.2.x86_64.rpm", "packageName": "bind97-utils", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "arch": "ia64", "packageFilename": "bind97-chroot-9.7.0-17.P2.el5_9.2.ia64.rpm", "packageName": "bind97-chroot", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "arch": "ia64", "packageFilename": "bind97-utils-9.7.0-17.P2.el5_9.2.ia64.rpm", "packageName": "bind97-utils", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "arch": "ia64", "packageFilename": "bind97-libs-9.7.0-17.P2.el5_9.2.ia64.rpm", "packageName": "bind97-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "arch": "i386", "packageFilename": "bind97-utils-9.7.0-17.P2.el5_9.2.i386.rpm", "packageName": "bind97-utils", "operator": "lt"}], "description": "[32:9.7.0-17.P2.2]\n- fix for CVE-2013-4854", "edition": 3, "reporter": "Oracle", "published": "2013-07-29T00:00:00", "title": "bind97 security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-4854"], "modified": "2013-07-29T00:00:00", "id": "ELSA-2013-1115", "href": "http://linux.oracle.com/errata/ELSA-2013-1115.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:38:25", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.0.2.el6_4.5", "arch": "x86_64", "packageFilename": "bind-9.8.2-0.17.rc1.0.2.el6_4.5.x86_64.rpm", "packageName": "bind", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.0.2.el6_4.5", "arch": "i686", "packageFilename": "bind-9.8.2-0.17.rc1.0.2.el6_4.5.i686.rpm", "packageName": "bind", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.0.2.el6_4.5", "arch": "i686", "packageFilename": "bind-utils-9.8.2-0.17.rc1.0.2.el6_4.5.i686.rpm", "packageName": "bind-utils", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.0.2.el6_4.5", "arch": "i686", "packageFilename": "bind-sdb-9.8.2-0.17.rc1.0.2.el6_4.5.i686.rpm", "packageName": "bind-sdb", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.0.2.el6_4.5", "arch": "x86_64", "packageFilename": "bind-utils-9.8.2-0.17.rc1.0.2.el6_4.5.x86_64.rpm", "packageName": "bind-utils", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.0.2.el6_4.5", "arch": "x86_64", "packageFilename": "bind-devel-9.8.2-0.17.rc1.0.2.el6_4.5.x86_64.rpm", "packageName": "bind-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.0.2.el6_4.5", "arch": "x86_64", "packageFilename": "bind-chroot-9.8.2-0.17.rc1.0.2.el6_4.5.x86_64.rpm", "packageName": "bind-chroot", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.0.2.el6_4.5", "arch": "i686", "packageFilename": "bind-devel-9.8.2-0.17.rc1.0.2.el6_4.5.i686.rpm", "packageName": "bind-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.0.2.el6_4.5", "arch": "i686", "packageFilename": "bind-devel-9.8.2-0.17.rc1.0.2.el6_4.5.i686.rpm", "packageName": "bind-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.0.2.el6_4.5", "arch": "i686", "packageFilename": "bind-libs-9.8.2-0.17.rc1.0.2.el6_4.5.i686.rpm", "packageName": "bind-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.0.2.el6_4.5", "arch": "i686", "packageFilename": "bind-libs-9.8.2-0.17.rc1.0.2.el6_4.5.i686.rpm", "packageName": "bind-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.0.2.el6_4.5", "arch": "x86_64", "packageFilename": "bind-sdb-9.8.2-0.17.rc1.0.2.el6_4.5.x86_64.rpm", "packageName": "bind-sdb", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.0.2.el6_4.5", "arch": "x86_64", "packageFilename": "bind-libs-9.8.2-0.17.rc1.0.2.el6_4.5.x86_64.rpm", "packageName": "bind-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.0.2.el6_4.5", "arch": "src", "packageFilename": "bind-9.8.2-0.17.rc1.0.2.el6_4.5.src.rpm", "packageName": "bind", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.0.2.el6_4.5", "arch": "src", "packageFilename": "bind-9.8.2-0.17.rc1.0.2.el6_4.5.src.rpm", "packageName": "bind", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.0.2.el6_4.5", "arch": "i686", "packageFilename": "bind-chroot-9.8.2-0.17.rc1.0.2.el6_4.5.i686.rpm", "packageName": "bind-chroot", "operator": "lt"}], "description": "[32:9.8.2-0.17.rc1.0.2.el6_4.5]\n- bump release and build for ULN\n[32:9.8.2-0.17.rc1.5]\n- fix CVE-2013-4854", "edition": 3, "reporter": "Oracle", "published": "2013-07-29T00:00:00", "title": "bind security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-4854"], "modified": "2013-07-29T00:00:00", "id": "ELSA-2013-1114", "href": "http://linux.oracle.com/errata/ELSA-2013-1114.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:42:30", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "9.7.0-21.P2.el5", "arch": "src", "packageFilename": "bind97-9.7.0-21.P2.el5.src.rpm", "packageName": "bind97", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "9.7.0-21.P2.el5", "arch": "src", "packageFilename": "bind97-9.7.0-21.P2.el5.src.rpm", "packageName": "bind97", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "9.7.0-21.P2.el5", "arch": "src", "packageFilename": "bind97-9.7.0-21.P2.el5.src.rpm", "packageName": "bind97", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "9.7.0-21.P2.el5", "arch": "i386", "packageFilename": "bind97-9.7.0-21.P2.el5.i386.rpm", "packageName": "bind97", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "9.7.0-21.P2.el5", "arch": "i386", "packageFilename": "bind97-devel-9.7.0-21.P2.el5.i386.rpm", "packageName": "bind97-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "9.7.0-21.P2.el5", "arch": "i386", "packageFilename": "bind97-devel-9.7.0-21.P2.el5.i386.rpm", "packageName": "bind97-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "9.7.0-21.P2.el5", "arch": "ia64", "packageFilename": "bind97-9.7.0-21.P2.el5.ia64.rpm", "packageName": "bind97", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "9.7.0-21.P2.el5", "arch": "ia64", "packageFilename": "bind97-utils-9.7.0-21.P2.el5.ia64.rpm", "packageName": "bind97-utils", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "9.7.0-21.P2.el5", "arch": "i386", "packageFilename": "bind97-libs-9.7.0-21.P2.el5.i386.rpm", "packageName": "bind97-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "9.7.0-21.P2.el5", "arch": "i386", "packageFilename": "bind97-libs-9.7.0-21.P2.el5.i386.rpm", "packageName": "bind97-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "9.7.0-21.P2.el5", "arch": "i386", "packageFilename": "bind97-chroot-9.7.0-21.P2.el5.i386.rpm", "packageName": "bind97-chroot", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "9.7.0-21.P2.el5", "arch": "x86_64", "packageFilename": "bind97-utils-9.7.0-21.P2.el5.x86_64.rpm", "packageName": "bind97-utils", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "9.7.0-21.P2.el5", "arch": "x86_64", "packageFilename": "bind97-chroot-9.7.0-21.P2.el5.x86_64.rpm", "packageName": "bind97-chroot", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "9.7.0-21.P2.el5", "arch": "x86_64", "packageFilename": "bind97-libs-9.7.0-21.P2.el5.x86_64.rpm", "packageName": "bind97-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "9.7.0-21.P2.el5", "arch": "x86_64", "packageFilename": "bind97-9.7.0-21.P2.el5.x86_64.rpm", "packageName": "bind97", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "9.7.0-21.P2.el5", "arch": "x86_64", "packageFilename": "bind97-devel-9.7.0-21.P2.el5.x86_64.rpm", "packageName": "bind97-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "9.7.0-21.P2.el5", "arch": "ia64", "packageFilename": "bind97-devel-9.7.0-21.P2.el5.ia64.rpm", "packageName": "bind97-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "9.7.0-21.P2.el5", "arch": "i386", "packageFilename": "bind97-utils-9.7.0-21.P2.el5.i386.rpm", "packageName": "bind97-utils", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "9.7.0-21.P2.el5", "arch": "ia64", "packageFilename": "bind97-libs-9.7.0-21.P2.el5.ia64.rpm", "packageName": "bind97-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "9.7.0-21.P2.el5", "arch": "ia64", "packageFilename": "bind97-chroot-9.7.0-21.P2.el5.ia64.rpm", "packageName": "bind97-chroot", "operator": "lt"}], "description": "[32:9.7.0-21.P2]\r\n- Fix CVE-2014-0591\r\n \n[32:9.7.0-20.P2]\r\n- Fix init script to not unmount filesystem when ROOTDIR is empty (#1059118)\r\n \n[32:9.7.0-19.P2]\r\n- fix for CVE-2013-4854\r\n \n[32:9.7.0-18.P2]\r\n- fix CVE-2013-2266\r\n ", "edition": 3, "reporter": "Oracle", "published": "2014-09-17T00:00:00", "title": "bind97 security and bug fix update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-2266", "CVE-2014-0591", "CVE-2013-4854"], "modified": "2014-09-17T00:00:00", "id": "ELSA-2014-1244", "href": "http://linux.oracle.com/errata/ELSA-2014-1244.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:47:36", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "9.8.2-0.23.rc1.el6_5.1", "arch": "i686", "packageFilename": "bind-devel-9.8.2-0.23.rc1.el6_5.1.i686.rpm", "packageName": "bind-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "9.8.2-0.23.rc1.el6_5.1", "arch": "i686", "packageFilename": "bind-devel-9.8.2-0.23.rc1.el6_5.1.i686.rpm", "packageName": "bind-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "9.8.2-0.23.rc1.el6_5.1", "arch": "i686", "packageFilename": "bind-libs-9.8.2-0.23.rc1.el6_5.1.i686.rpm", "packageName": "bind-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "9.8.2-0.23.rc1.el6_5.1", "arch": "i686", "packageFilename": "bind-libs-9.8.2-0.23.rc1.el6_5.1.i686.rpm", "packageName": "bind-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "9.8.2-0.23.rc1.el6_5.1", "arch": "x86_64", "packageFilename": "bind-devel-9.8.2-0.23.rc1.el6_5.1.x86_64.rpm", "packageName": "bind-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "9.8.2-0.23.rc1.el6_5.1", "arch": "i686", "packageFilename": "bind-sdb-9.8.2-0.23.rc1.el6_5.1.i686.rpm", "packageName": "bind-sdb", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "9.8.2-0.23.rc1.el6_5.1", "arch": "i686", "packageFilename": "bind-chroot-9.8.2-0.23.rc1.el6_5.1.i686.rpm", "packageName": "bind-chroot", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "9.8.2-0.23.rc1.el6_5.1", "arch": "i686", "packageFilename": "bind-9.8.2-0.23.rc1.el6_5.1.i686.rpm", "packageName": "bind", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "9.8.2-0.23.rc1.el6_5.1", "arch": "x86_64", "packageFilename": "bind-sdb-9.8.2-0.23.rc1.el6_5.1.x86_64.rpm", "packageName": "bind-sdb", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "9.8.2-0.23.rc1.el6_5.1", "arch": "x86_64", "packageFilename": "bind-9.8.2-0.23.rc1.el6_5.1.x86_64.rpm", "packageName": "bind", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "9.8.2-0.23.rc1.el6_5.1", "arch": "x86_64", "packageFilename": "bind-utils-9.8.2-0.23.rc1.el6_5.1.x86_64.rpm", "packageName": "bind-utils", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "9.8.2-0.23.rc1.el6_5.1", "arch": "i686", "packageFilename": "bind-utils-9.8.2-0.23.rc1.el6_5.1.i686.rpm", "packageName": "bind-utils", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "9.8.2-0.23.rc1.el6_5.1", "arch": "src", "packageFilename": "bind-9.8.2-0.23.rc1.el6_5.1.src.rpm", "packageName": "bind", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "9.8.2-0.23.rc1.el6_5.1", "arch": "src", "packageFilename": "bind-9.8.2-0.23.rc1.el6_5.1.src.rpm", "packageName": "bind", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "9.8.2-0.23.rc1.el6_5.1", "arch": "x86_64", "packageFilename": "bind-chroot-9.8.2-0.23.rc1.el6_5.1.x86_64.rpm", "packageName": "bind-chroot", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "9.8.2-0.23.rc1.el6_5.1", "arch": "x86_64", "packageFilename": "bind-libs-9.8.2-0.23.rc1.el6_5.1.x86_64.rpm", "packageName": "bind-libs", "operator": "lt"}], "description": "[32:9.8.2-0.23.rc1.1]\n- Fix CVE-2014-0591\n[32:9.8.2-0.23.rc1]\n- Fix gssapictx memory leak (#911167)\n[32:9.8.2-0.22.rc1]\n- fix CVE-2013-4854\n[32:9.8.2-0.21.rc1]\n- fix CVE-2013-2266\n- ship dns/rrl.h in -devel subpkg\n[32:9.8.2-0.20.rc1]\n- remove one bogus file from /usr/share/doc, introduced by RRL patch\n[32:9.8.2-0.19.rc1]\n- fix CVE-2012-5689\n[32:9.8.2-0.18.rc1]\n- add response rate limit patch (#873624)", "edition": 3, "reporter": "Oracle", "published": "2014-01-20T00:00:00", "title": "bind security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-5689", "CVE-2013-2266", "CVE-2014-0591", "CVE-2013-4854"], "modified": "2014-01-20T00:00:00", "id": "ELSA-2014-0043", "href": "http://linux.oracle.com/errata/ELSA-2014-0043.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T21:21:08", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments_done": [], "references": [], "description": "Bugtraq ID:61479\r\nCVE ID:CVE-2013-4854\r\n\r\nISC BIND\u662f\u4e00\u6b3eDNS\u534f\u8bae\u7684\u5b9e\u73b0\r\n\r\nISC BIND\u5728\u89e3\u6790DNS\u67e5\u8be2\u4e2d\u7684RDATA\u6570\u636e\u65f6\u5b58\u5728\u9519\u8bef\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u5305\u542b\u7578\u5f62RDATA\u6570\u636e\u7684\u7279\u6b8a\u67e5\u8be2\u53ef\u89e6\u53d1REQUIRE\u65ad\u8a00\uff0c\u4f7f\u670d\u52a1\u7a0b\u5e8f\u5d29\u6e83\u3002\u6b64\u6f0f\u6d1e\u5df2\u7ecf\u5728\u7f51\u7edc\u4e0a\u79ef\u6781\u5229\u7528\uff0c\u6743\u5a01\u548c\u9012\u5f52\u670d\u52a1\u5668\u90fd\u53d7\u6b64\u6f0f\u6d1e\u5f71\u54cd\n0\nISC BIND 9.8.0 - 9.8.5-P1\r\nISC BIND 9.9.0 - 9.9.3-P1\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\n\r\nISC BIND 9.8.5-P2\uff0c9.9.3-P2\u548c9.9.3-S1-P1\u5df2\u7ecf\u4fee\u590d\u6b64\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u66f4\u65b0\uff1a\r\nhttps://www.isc.org/downloads/bind/", "reporter": "Root", "published": "2013-07-30T00:00:00", "title": "ISC BIND 9 DNS RDATA\u5904\u7406\u8fdc\u7a0b\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "type": "seebug", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2013-4854"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2013-07-30T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60926", "id": "SSV:60926", "sourceData": "", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "sourceHref": "", "status": "details"}], "freebsd": [{"lastseen": "2018-08-31T01:14:55", "references": ["https://kb.isc.org/article/AA-01015/0"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "9.9.3.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "bind99-base", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "9.0", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "FreeBSD", "operator": "eq"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "9.8.5.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "bind98", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "9.8.5.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "bind98-base", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "9.1_5", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "FreeBSD", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "9.9.3.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "bind99", "operator": "lt"}], "description": "\nISC reports:\n\nA specially crafted query that includes malformed\n\t rdata can cause named to terminate with an assertion\n\t failure while rejecting the malformed query.\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2013-07-26T00:00:00", "title": "bind -- denial of service vulnerability", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-4854"], "modified": "2016-08-09T00:00:00", "id": "7943E521-F648-11E2-8607-3C970E169BC2", "href": "https://vuxml.freebsd.org/freebsd/7943e521-f648-11e2-8607-3c970e169bc2.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "slackware": [{"lastseen": "2018-08-31T00:36:55", "references": [], "affectedPackage": [{"OS": "Slackware", "OSVersion": "13.1", "packageVersion": "9.8.5_P2", "arch": "i486", "packageFilename": "bind-9.8.5_P2-i486-1_slack13.1.txz", "packageName": "bind", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.37", "packageVersion": "9.8.5_P2", "arch": "i486", "packageFilename": "bind-9.8.5_P2-i486-1_slack13.37.txz", "packageName": "bind", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.37", "packageVersion": "9.8.5_P2", "arch": "x86_64", "packageFilename": "bind-9.8.5_P2-x86_64-1_slack13.37.txz", "packageName": "bind", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "12.1", "packageVersion": "9.8.5_P2", "arch": "i486", "packageFilename": "bind-9.8.5_P2-i486-1_slack12.1.tgz", "packageName": "bind", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "12.2", "packageVersion": "9.8.5_P2", "arch": "i486", "packageFilename": "bind-9.8.5_P2-i486-1_slack12.2.tgz", "packageName": "bind", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.0", "packageVersion": "9.8.5_P2", "arch": "i486", "packageFilename": "bind-9.8.5_P2-i486-1_slack13.0.txz", "packageName": "bind", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.0", "packageVersion": "9.9.3_P2", "arch": "x86_64", "packageFilename": "bind-9.9.3_P2-x86_64-1_slack14.0.txz", "packageName": "bind", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.0", "packageVersion": "9.8.5_P2", "arch": "x86_64", "packageFilename": "bind-9.8.5_P2-x86_64-1_slack13.0.txz", "packageName": "bind", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.1", "packageVersion": "9.8.5_P2", "arch": "x86_64", "packageFilename": "bind-9.8.5_P2-x86_64-1_slack13.1.txz", "packageName": "bind", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.0", "packageVersion": "9.9.3_P2", "arch": "i486", "packageFilename": "bind-9.9.3_P2-i486-1_slack14.0.txz", "packageName": "bind", "operator": "lt"}], "description": "New bind packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,\n14.0, and -current to fix a security issue.\n\n\nHere are the details from the Slackware 14.0 ChangeLog:\n\npatches/packages/bind-9.9.3_P2-i486-1_slack14.0.txz: Upgraded.\n This update fixes a security issue where a specially crafted query can cause\n BIND to terminate abnormally, resulting in a denial of service.\n For more information, see:\n https://kb.isc.org/article/AA-01015\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4854\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the &quot;Get Slack&quot; section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/bind-9.8.5_P2-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/bind-9.8.5_P2-i486-1_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/bind-9.8.5_P2-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/bind-9.8.5_P2-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/bind-9.8.5_P2-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/bind-9.8.5_P2-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/bind-9.8.5_P2-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/bind-9.8.5_P2-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bind-9.9.3_P2-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/bind-9.9.3_P2-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.9.3_P2-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.9.3_P2-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 12.1 package:\nb71ecb3585584e533a3120fb5b455108 bind-9.8.5_P2-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\n636519bd25abc6d98fe888b69b0cb7ab bind-9.8.5_P2-i486-1_slack12.2.tgz\n\nSlackware 13.0 package:\n6aca45be4b57ad94424055ec2c0be44f bind-9.8.5_P2-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\nd4be81a262b7d43d04c370f54749c27e bind-9.8.5_P2-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\nb1398b8594850bfcfefc80a9771750c9 bind-9.8.5_P2-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n5a4c6cd8631b928ec499583bed4950cb bind-9.8.5_P2-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n695ccd0073b9ac5e77f97baf3d59664b bind-9.8.5_P2-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\na8a263ce4cd00596666fe24dcc5c49ef bind-9.8.5_P2-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n33044470839cbf0a3948debfec9acc8e bind-9.9.3_P2-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n080e68a54e368d2c19a35004be00c971 bind-9.9.3_P2-x86_64-1_slack14.0.txz\n\nSlackware -current package:\n23363bfc2bc8056cade9feca02521ae2 n/bind-9.9.3_P2-i486-1.txz\n\nSlackware x86_64 -current package:\n47f3d5dfcc55a467aee082174552c7a4 n/bind-9.9.3_P2-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg bind-9.9.3_P2-i486-1_slack14.0.txz\n\nThen, restart the name server:\n\n > /etc/rc.d/rc.bind restart", "edition": 3, "reporter": "Slackware Linux Project", "published": "2013-08-06T00:20:18", "title": "bind", "type": "slackware", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-4854"], "modified": "2013-08-06T00:20:18", "id": "SSA-2013-218-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.509431", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:25:53", "references": ["https://rhn.redhat.com/errata/RHSA-2013-1114.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "packageFilename": "bind-sdb-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm", "packageName": "bind-sdb", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "packageFilename": "bind-utils-9.8.2-0.17.rc1.el6_4.5.i686.rpm", "packageName": "bind-utils", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "packageFilename": "bind-utils-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm", "packageName": "bind-utils", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "packageFilename": "bind-9.8.2-0.17.rc1.el6_4.5.src.rpm", "packageName": "bind", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "packageFilename": "bind-chroot-9.8.2-0.17.rc1.el6_4.5.i686.rpm", "packageName": "bind-chroot", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "packageFilename": "bind-devel-9.8.2-0.17.rc1.el6_4.5.i686.rpm", "packageName": "bind-devel", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "packageFilename": "bind-devel-9.8.2-0.17.rc1.el6_4.5.i686.rpm", "packageName": "bind-devel", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "packageFilename": "bind-libs-9.8.2-0.17.rc1.el6_4.5.i686.rpm", "packageName": "bind-libs", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "packageFilename": "bind-libs-9.8.2-0.17.rc1.el6_4.5.i686.rpm", "packageName": "bind-libs", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "packageFilename": "bind-chroot-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm", "packageName": "bind-chroot", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "packageFilename": "bind-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm", "packageName": "bind", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "packageFilename": "bind-sdb-9.8.2-0.17.rc1.el6_4.5.i686.rpm", "packageName": "bind-sdb", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "packageFilename": "bind-9.8.2-0.17.rc1.el6_4.5.i686.rpm", "packageName": "bind", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "packageFilename": "bind-libs-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm", "packageName": "bind-libs", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "9.8.2-0.17.rc1.el6_4.5", "packageFilename": "bind-devel-9.8.2-0.17.rc1.el6_4.5.x86_64.rpm", "packageName": "bind-devel", "arch": "x86_64", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2013:1114\n\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server (named); a\nresolver library (routines for applications to use when interfacing with\nDNS); and tools for verifying that the DNS server is operating correctly.\n\nA denial of service flaw was found in BIND. A remote attacker could use\nthis flaw to send a specially-crafted DNS query to named that, when\nprocessed, would cause named to crash when rejecting the malformed query.\n(CVE-2013-4854)\n\nAll bind users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, the BIND daemon (named) will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-July/019879.html\n\n**Affected packages:**\nbind\nbind-chroot\nbind-devel\nbind-libs\nbind-sdb\nbind-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-1114.html", "edition": 1, "reporter": "CentOS Project", "published": "2013-07-30T04:35:38", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "bind security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4854"], "modified": "2013-07-30T04:35:38", "href": "http://lists.centos.org/pipermail/centos-announce/2013-July/019879.html", "id": "CESA-2013:1114", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:25:58", "references": ["https://rhn.redhat.com/errata/RHSA-2013-1115.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageFilename": "bind97-devel-9.7.0-17.P2.el5_9.2.x86_64.rpm", "packageName": "bind97-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageFilename": "bind97-chroot-9.7.0-17.P2.el5_9.2.x86_64.rpm", "packageName": "bind97-chroot", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageFilename": "bind97-libs-9.7.0-17.P2.el5_9.2.x86_64.rpm", "packageName": "bind97-libs", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageFilename": "bind97-libs-9.7.0-17.P2.el5_9.2.i386.rpm", "packageName": "bind97-libs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageFilename": "bind97-libs-9.7.0-17.P2.el5_9.2.i386.rpm", "packageName": "bind97-libs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageFilename": "bind97-9.7.0-17.P2.el5_9.2.i386.rpm", "packageName": "bind97", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageFilename": "bind97-utils-9.7.0-17.P2.el5_9.2.x86_64.rpm", "packageName": "bind97-utils", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageFilename": "bind97-9.7.0-17.P2.el5_9.2.src.rpm", "packageName": "bind97", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageFilename": "bind97-chroot-9.7.0-17.P2.el5_9.2.i386.rpm", "packageName": "bind97-chroot", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageFilename": "bind97-utils-9.7.0-17.P2.el5_9.2.i386.rpm", "packageName": "bind97-utils", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageFilename": "bind97-devel-9.7.0-17.P2.el5_9.2.i386.rpm", "packageName": "bind97-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageFilename": "bind97-devel-9.7.0-17.P2.el5_9.2.i386.rpm", "packageName": "bind97-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "9.7.0-17.P2.el5_9.2", "packageFilename": "bind97-9.7.0-17.P2.el5_9.2.x86_64.rpm", "packageName": "bind97", "arch": "x86_64", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2013:1115\n\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server (named); a\nresolver library (routines for applications to use when interfacing with\nDNS); and tools for verifying that the DNS server is operating correctly.\n\nA denial of service flaw was found in BIND. A remote attacker could use\nthis flaw to send a specially-crafted DNS query to named that, when\nprocessed, would cause named to crash when rejecting the malformed query.\n(CVE-2013-4854)\n\nAll bind97 users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, the BIND daemon (named) will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-July/019880.html\n\n**Affected packages:**\nbind97\nbind97-chroot\nbind97-devel\nbind97-libs\nbind97-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-1115.html", "edition": 1, "reporter": "CentOS Project", "published": "2013-07-30T04:50:14", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "bind97 security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4854"], "modified": "2013-07-30T04:50:14", "href": "http://lists.centos.org/pipermail/centos-announce/2013-July/019880.html", "id": "CESA-2013:1115", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:24", "references": ["https://rhn.redhat.com/errata/RHSA-2013-1114.html"], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "9.8.2-0.17.rc1.30.amzn1", "arch": "src", "packageFilename": "bind-9.8.2-0.17.rc1.30.amzn1.src.rpm", "packageName": "bind", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "9.8.2-0.17.rc1.30.amzn1", "arch": "i686", "packageFilename": "bind-libs-9.8.2-0.17.rc1.30.amzn1.i686.rpm", "packageName": "bind-libs", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "9.8.2-0.17.rc1.30.amzn1", "arch": "i686", "packageFilename": "bind-sdb-9.8.2-0.17.rc1.30.amzn1.i686.rpm", "packageName": "bind-sdb", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "9.8.2-0.17.rc1.30.amzn1", "arch": "x86_64", "packageFilename": "bind-chroot-9.8.2-0.17.rc1.30.amzn1.x86_64.rpm", "packageName": "bind-chroot", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "9.8.2-0.17.rc1.30.amzn1", "arch": "i686", "packageFilename": "bind-debuginfo-9.8.2-0.17.rc1.30.amzn1.i686.rpm", "packageName": "bind-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "9.8.2-0.17.rc1.30.amzn1", "arch": "i686", "packageFilename": "bind-utils-9.8.2-0.17.rc1.30.amzn1.i686.rpm", "packageName": "bind-utils", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "9.8.2-0.17.rc1.30.amzn1", "arch": "x86_64", "packageFilename": "bind-utils-9.8.2-0.17.rc1.30.amzn1.x86_64.rpm", "packageName": "bind-utils", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "9.8.2-0.17.rc1.30.amzn1", "arch": "i686", "packageFilename": "bind-chroot-9.8.2-0.17.rc1.30.amzn1.i686.rpm", "packageName": "bind-chroot", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "9.8.2-0.17.rc1.30.amzn1", "arch": "x86_64", "packageFilename": "bind-9.8.2-0.17.rc1.30.amzn1.x86_64.rpm", "packageName": "bind", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "9.8.2-0.17.rc1.30.amzn1", "arch": "i686", "packageFilename": "bind-9.8.2-0.17.rc1.30.amzn1.i686.rpm", "packageName": "bind", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "9.8.2-0.17.rc1.30.amzn1", "arch": "x86_64", "packageFilename": "bind-sdb-9.8.2-0.17.rc1.30.amzn1.x86_64.rpm", "packageName": "bind-sdb", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "9.8.2-0.17.rc1.30.amzn1", "arch": "x86_64", "packageFilename": "bind-libs-9.8.2-0.17.rc1.30.amzn1.x86_64.rpm", "packageName": "bind-libs", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "9.8.2-0.17.rc1.30.amzn1", "arch": "x86_64", "packageFilename": "bind-devel-9.8.2-0.17.rc1.30.amzn1.x86_64.rpm", "packageName": "bind-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "9.8.2-0.17.rc1.30.amzn1", "arch": "i686", "packageFilename": "bind-devel-9.8.2-0.17.rc1.30.amzn1.i686.rpm", "packageName": "bind-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "9.8.2-0.17.rc1.30.amzn1", "arch": "x86_64", "packageFilename": "bind-debuginfo-9.8.2-0.17.rc1.30.amzn1.x86_64.rpm", "packageName": "bind-debuginfo", "operator": "lt"}], "description": "**Issue Overview:**\n\nA denial of service flaw was found in BIND. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to crash when rejecting the malformed query. ([CVE-2013-4854 __](<https://access.redhat.com/security/cve/CVE-2013-4854>))\n\n \n**Affected Packages:** \n\n\nbind\n\n \n**Issue Correction:** \nRun _yum update bind_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n bind-utils-9.8.2-0.17.rc1.30.amzn1.i686 \n bind-devel-9.8.2-0.17.rc1.30.amzn1.i686 \n bind-sdb-9.8.2-0.17.rc1.30.amzn1.i686 \n bind-libs-9.8.2-0.17.rc1.30.amzn1.i686 \n bind-debuginfo-9.8.2-0.17.rc1.30.amzn1.i686 \n bind-chroot-9.8.2-0.17.rc1.30.amzn1.i686 \n bind-9.8.2-0.17.rc1.30.amzn1.i686 \n \n src: \n bind-9.8.2-0.17.rc1.30.amzn1.src \n \n x86_64: \n bind-debuginfo-9.8.2-0.17.rc1.30.amzn1.x86_64 \n bind-libs-9.8.2-0.17.rc1.30.amzn1.x86_64 \n bind-utils-9.8.2-0.17.rc1.30.amzn1.x86_64 \n bind-devel-9.8.2-0.17.rc1.30.amzn1.x86_64 \n bind-sdb-9.8.2-0.17.rc1.30.amzn1.x86_64 \n bind-chroot-9.8.2-0.17.rc1.30.amzn1.x86_64 \n bind-9.8.2-0.17.rc1.30.amzn1.x86_64 \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2014-09-15T23:18:00", "title": "Important: bind", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:24", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-4854"], "modified": "2014-09-15T23:18:00", "id": "ALAS-2013-214", "href": "https://alas.aws.amazon.com/ALAS-2013-214.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:32", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4854", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2266", "https://bugs.gentoo.org/show_bug.cgi?id=453974", "https://bugs.gentoo.org/show_bug.cgi?id=437828", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0591", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5688", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5689", "https://bugs.gentoo.org/show_bug.cgi?id=446094", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5166", "https://bugs.gentoo.org/show_bug.cgi?id=478316", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3919", "https://bugs.gentoo.org/show_bug.cgi?id=483208", "https://bugs.gentoo.org/show_bug.cgi?id=498016", "https://bugs.gentoo.org/show_bug.cgi?id=463497"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "9.9.4_p2", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "net-dns/bind", "operator": "lt"}], "edition": 1, "description": "### Background\n\nBIND is the Berkeley Internet Name Domain Server.\n\n### Description\n\nMultiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker may be able to cause a Denial of Service condition.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll BIND users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-dns/bind-9.9.4_p2\"", "reporter": "Gentoo Foundation", "published": "2014-01-29T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "gentoo", "title": "BIND: Denial of Service", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5689", "CVE-2013-2266", "CVE-2013-3919", "CVE-2012-5688", "CVE-2012-5166", "CVE-2014-0591", "CVE-2013-4854"], "modified": "2014-01-29T00:00:00", "id": "GLSA-201401-34", "href": "https://security.gentoo.org/glsa/201401-34", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}]}