EulerOS 2.0 SP9 : bind (EulerOS-SA-2022-2718)

2022-11-1400:00:00

www.tenable.com

euleros

bind

cve-2022-38178

eddsa signature

memory leak

named crashes

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.005 Low

EPSS

Percentile

75.2%

JSON

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. (CVE-2022-38178)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(167366);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/11/30");

  script_cve_id("CVE-2022-38178");

  script_name(english:"EulerOS 2.0 SP9 : bind (EulerOS-SA-2022-2718)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the
following vulnerabilities :

  - By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can
    trigger a small memory leak. It is possible to gradually erode available memory to the point where named
    crashes for lack of resources. (CVE-2022-38178)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2718
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?81f81858");
  script_set_attribute(attribute:"solution", value:
"Update the affected bind packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-38178");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/09/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/11/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/11/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bind");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bind-chroot");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bind-export-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bind-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bind-libs-lite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bind-pkcs11");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bind-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python3-bind");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (_release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP9");

var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(9)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP9");

if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP9", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

var flag = 0;

var pkgs = [
  "bind-9.11.4-17.h17.eulerosv2r9",
  "bind-chroot-9.11.4-17.h17.eulerosv2r9",
  "bind-export-libs-9.11.4-17.h17.eulerosv2r9",
  "bind-libs-9.11.4-17.h17.eulerosv2r9",
  "bind-libs-lite-9.11.4-17.h17.eulerosv2r9",
  "bind-pkcs11-9.11.4-17.h17.eulerosv2r9",
  "bind-utils-9.11.4-17.h17.eulerosv2r9",
  "python3-bind-9.11.4-17.h17.eulerosv2r9"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"9", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind");
}

VendorProductVersionCPE
huaweieulerosbind-utilsp-cpe:/a:huawei:euleros:bind-utils
huaweieuleros2.0cpe:/o:huawei:euleros:2.0
huaweieulerospython3-bindp-cpe:/a:huawei:euleros:python3-bind
huaweieulerosbind-pkcs11p-cpe:/a:huawei:euleros:bind-pkcs11
huaweieulerosbind-libs-litep-cpe:/a:huawei:euleros:bind-libs-lite
huaweieulerosbind-libsp-cpe:/a:huawei:euleros:bind-libs
huaweieulerosbind-chrootp-cpe:/a:huawei:euleros:bind-chroot
huaweieulerosbindp-cpe:/a:huawei:euleros:bind
huaweieulerosbind-export-libsp-cpe:/a:huawei:euleros:bind-export-libs

Vendor	Product	Version	CPE
huawei	euleros	bind-utils	p-cpe:/a:huawei:euleros:bind-utils
huawei	euleros	2.0	cpe:/o:huawei:euleros:2.0
huawei	euleros	python3-bind	p-cpe:/a:huawei:euleros:python3-bind
huawei	euleros	bind-pkcs11	p-cpe:/a:huawei:euleros:bind-pkcs11
huawei	euleros	bind-libs-lite	p-cpe:/a:huawei:euleros:bind-libs-lite
huawei	euleros	bind-libs	p-cpe:/a:huawei:euleros:bind-libs
huawei	euleros	bind-chroot	p-cpe:/a:huawei:euleros:bind-chroot
huawei	euleros	bind	p-cpe:/a:huawei:euleros:bind
huawei	euleros	bind-export-libs	p-cpe:/a:huawei:euleros:bind-export-libs