ISC BIND 9.11.4-S1 < 9.16.37-S1 / 9.16.8-S1 < 9.16.37-S1 Assertion Failure (cve-2022-3488)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(170683);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/06/30");

  script_cve_id("CVE-2022-3488");
  script_xref(name:"IAVA", value:"2023-A-0058-S");

  script_name(english:"ISC BIND 9.11.4-S1 < 9.16.37-S1 / 9.16.8-S1 < 9.16.37-S1 Assertion Failure (cve-2022-3488)");

  script_set_attribute(attribute:"synopsis", value:
"The remote name server is affected by an assertion failure vulnerability vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a
vulnerability as referenced in the cve-2022-3488 advisory.

  - Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but
    where the first is broken in some way, can cause BIND to exit with an assertion failure. 'Broken' in this
    context is anything that would cause the resolver to reject the query response, such as a mismatch between
    query and answer name. This issue affects BIND 9 versions 9.11.4-S1 through 9.11.37-S1 and 9.16.8-S1
    through 9.16.36-S1. (CVE-2022-3488)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://kb.isc.org/v1/docs/cve-2022-3488");
  script_set_attribute(attribute:"solution", value:
"Upgrade to ISC BIND version 9.16.37-S1 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-3488");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/01/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/01/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/01/26");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:isc:bind");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"DNS");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("bind_version.nasl");
  script_require_keys("bind/version", "Settings/ParanoidReport");

  exit(0);
}

include('vcf.inc');
include('vcf_extras.inc');

vcf::bind::initialize();

var app_info = vcf::get_app_info(app:'BIND', port:53, kb_ver:'bind/version', service:TRUE, proto:'UDP');

if (report_paranoia < 2) audit(AUDIT_PARANOID);

var constraints = [
  { 'min_version' : '9.11.4-S1', 'max_version' : '9.11.37-S1', 'fixed_version' : '9.16.37-S1' },
  { 'min_version' : '9.16.8-S1', 'max_version' : '9.16.36-S1', 'fixed_version' : '9.16.37-S1' }
];
constraints = vcf::bind::filter_constraints(constraints:constraints, version:app_info.version);

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);