CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
99.9%
The remote NewStart CGSL host, running version MAIN 6.02, has bind packages installed that are affected by multiple vulnerabilities:
ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning. (CVE-2007-2926)
Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named. (CVE-2007-6283)
Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.
(CVE-2008-0122)
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka DNS Insufficient Socket Entropy Vulnerability or the Kaminsky bug.
(CVE-2008-1447)
BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. (CVE-2009-0025)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from ZTE advisory NS-SA-2024-0060. The text
# itself is copyright (C) ZTE, Inc.
##
include('compat.inc');
if (description)
{
script_id(206846);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/18");
script_cve_id(
"CVE-2007-2926",
"CVE-2007-6283",
"CVE-2008-0122",
"CVE-2008-1447",
"CVE-2009-0025",
"CVE-2009-0696",
"CVE-2010-0213",
"CVE-2011-1907",
"CVE-2011-1910",
"CVE-2011-4313",
"CVE-2012-1667",
"CVE-2013-2266",
"CVE-2013-3919",
"CVE-2014-0591",
"CVE-2014-8500",
"CVE-2015-5477",
"CVE-2015-8704",
"CVE-2015-8705",
"CVE-2016-1285",
"CVE-2016-1286",
"CVE-2016-2088",
"CVE-2017-3145",
"CVE-2018-5738",
"CVE-2018-5740",
"CVE-2018-5744",
"CVE-2022-2795",
"CVE-2023-2828",
"CVE-2023-3341"
);
script_xref(name:"IAVA", value:"2008-A-0045");
script_xref(name:"IAVA", value:"2011-A-0158-S");
script_xref(name:"IAVA", value:"2012-A-0106-S");
script_xref(name:"IAVA", value:"2013-A-0069-S");
script_xref(name:"IAVA", value:"2013-A-0116-S");
script_xref(name:"IAVA", value:"2014-A-0086-S");
script_xref(name:"IAVA", value:"2014-A-0196-S");
script_xref(name:"IAVA", value:"2015-A-0181-S");
script_xref(name:"IAVA", value:"2016-A-0032-S");
script_xref(name:"IAVA", value:"2016-A-0074-S");
script_xref(name:"IAVA", value:"2018-A-0024-S");
script_xref(name:"IAVA", value:"2018-A-0255-S");
script_xref(name:"IAVA", value:"2018-A-0303-S");
script_xref(name:"IAVA", value:"2019-A-0069-S");
script_xref(name:"IAVA", value:"2022-A-0387-S");
script_xref(name:"IAVA", value:"2023-A-0320-S");
script_xref(name:"IAVA", value:"2023-A-0500-S");
script_name(english:"NewStart CGSL MAIN 6.02 : bind Multiple Vulnerabilities (NS-SA-2024-0060)");
script_set_attribute(attribute:"synopsis", value:
"The remote NewStart CGSL host is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The remote NewStart CGSL host, running version MAIN 6.02, has bind packages installed that are affected by multiple
vulnerabilities:
- ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when
answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for
remote attackers to guess the next query id and perform DNS cache poisoning. (CVE-2007-2926)
- Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions,
which allows local users to perform unauthorized named commands, such as causing a denial of service by
stopping named. (CVE-2007-6283)
- Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in
FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service
(crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.
(CVE-2008-0122)
- The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2)
Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations
allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to
conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction
IDs and source ports, aka DNS Insufficient Socket Entropy Vulnerability or the Kaminsky bug.
(CVE-2008-1447)
- BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL
DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a
malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. (CVE-2009-0025)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/notice/NS-SA-2024-0060");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2007-2926");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2007-6283");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2008-0122");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2008-1447");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2009-0025");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2009-0696");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2010-0213");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2011-1907");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2011-1910");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2011-4313");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2012-1667");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2013-2266");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2013-3919");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2014-0591");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2014-8500");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2015-5477");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2015-8704");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2015-8705");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2016-1285");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2016-1286");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2016-2088");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2017-3145");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2018-5738");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2018-5740");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2018-5744");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-2795");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-2828");
script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2023-3341");
script_set_attribute(attribute:"solution", value:
"Upgrade the vulnerable CGSL bind packages. Note that updated packages may not be available yet. Please contact ZTE for
more information.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N");
script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:P");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2008-0122");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2018-5738");
script_set_attribute(attribute:"cvss4_score_source", value:"CVE-2022-2795");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2007/07/24");
script_set_attribute(attribute:"patch_publication_date", value:"2024/09/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/09/10");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:bind");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:bind-export-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:bind-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:bind-libs-lite");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:bind-license");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:bind-utils");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:python3-bind");
script_set_attribute(attribute:"cpe", value:"cpe:/o:zte:cgsl_main:6");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"NewStart CGSL Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/ZTE-CGSL/release');
if (isnull(os_release) || os_release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');
if (os_release !~ "CGSL MAIN 6.02")
audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');
if (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);
var flag = 0;
var pkgs = {
'CGSL MAIN 6.02': [
'bind-9.11.36-8.el8.cgslv6_2.2.g0e84ae1',
'bind-export-libs-9.11.36-8.el8.cgslv6_2.2.g0e84ae1',
'bind-libs-9.11.36-8.el8.cgslv6_2.2.g0e84ae1',
'bind-libs-lite-9.11.36-8.el8.cgslv6_2.2.g0e84ae1',
'bind-license-9.11.36-8.el8.cgslv6_2.2.g0e84ae1',
'bind-utils-9.11.36-8.el8.cgslv6_2.2.g0e84ae1',
'python3-bind-9.11.36-8.el8.cgslv6_2.2.g0e84ae1'
]
};
var pkg_list = pkgs[os_release];
foreach (pkg in pkg_list)
if (rpm_check(release:'ZTE ' + os_release, reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bind');
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6283
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0122
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0213
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1907
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3919
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0591
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8705
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1285
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1286
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2088
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3145
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5738
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5740
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5744
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2795
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2828
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3341
security.gd-linux.com/info/CVE-2007-2926
security.gd-linux.com/info/CVE-2007-6283
security.gd-linux.com/info/CVE-2008-0122
security.gd-linux.com/info/CVE-2008-1447
security.gd-linux.com/info/CVE-2009-0025
security.gd-linux.com/info/CVE-2009-0696
security.gd-linux.com/info/CVE-2010-0213
security.gd-linux.com/info/CVE-2011-1907
security.gd-linux.com/info/CVE-2011-1910
security.gd-linux.com/info/CVE-2011-4313
security.gd-linux.com/info/CVE-2012-1667
security.gd-linux.com/info/CVE-2013-2266
security.gd-linux.com/info/CVE-2013-3919
security.gd-linux.com/info/CVE-2014-0591
security.gd-linux.com/info/CVE-2014-8500
security.gd-linux.com/info/CVE-2015-5477
security.gd-linux.com/info/CVE-2015-8704
security.gd-linux.com/info/CVE-2015-8705
security.gd-linux.com/info/CVE-2016-1285
security.gd-linux.com/info/CVE-2016-1286
security.gd-linux.com/info/CVE-2016-2088
security.gd-linux.com/info/CVE-2017-3145
security.gd-linux.com/info/CVE-2018-5738
security.gd-linux.com/info/CVE-2018-5740
security.gd-linux.com/info/CVE-2018-5744
security.gd-linux.com/info/CVE-2022-2795
security.gd-linux.com/info/CVE-2023-2828
security.gd-linux.com/info/CVE-2023-3341
security.gd-linux.com/notice/NS-SA-2024-0060
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
99.9%