Ubuntu 14.04 LTS : Bind vulnerabilities (USN-2693-1)

2015-07-2900:00:00

www.tenable.com

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

AI Score

8.1

Confidence

High

EPSS

0.972

Percentile

99.9%

JSON

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2693-1 advisory.

Jonathan Foote discovered that Bind incorrectly handled certain TKEY queries. A remote attacker could use     this issue with a specially crafted packet to cause Bind to crash, resulting in a denial of service.
(CVE-2015-5477)

Pories Ediansyah discovered that Bind incorrectly handled certain configurations involving DNS64. A remote     attacker could use this issue with a specially crafted query to cause Bind to crash, resulting in a denial     of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-5689)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-2693-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(85081);
  script_version("2.17");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/08/27");

  script_cve_id("CVE-2012-5689", "CVE-2015-5477");
  script_xref(name:"USN", value:"2693-1");

  script_name(english:"Ubuntu 14.04 LTS : Bind vulnerabilities (USN-2693-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in
the USN-2693-1 advisory.

    Jonathan Foote discovered that Bind incorrectly handled certain TKEY queries. A remote attacker could use
    this issue with a specially crafted packet to cause Bind to crash, resulting in a denial of service.
    (CVE-2015-5477)

    Pories Ediansyah discovered that Bind incorrectly handled certain configurations involving DNS64. A remote
    attacker could use this issue with a specially crafted query to cause Bind to crash, resulting in a denial
    of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-5689)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-2693-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-5477");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/01/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/07/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/29");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:bind9");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:bind9-host");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:bind9utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dnsutils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:host");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libbind-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libbind9-90");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libdns100");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libisc95");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libisccc90");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libisccfg90");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:liblwres90");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lwresd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('14.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '14.04', 'pkgname': 'bind9', 'pkgver': '1:9.9.5.dfsg-3ubuntu0.4'},
    {'osver': '14.04', 'pkgname': 'bind9-host', 'pkgver': '1:9.9.5.dfsg-3ubuntu0.4'},
    {'osver': '14.04', 'pkgname': 'bind9utils', 'pkgver': '1:9.9.5.dfsg-3ubuntu0.4'},
    {'osver': '14.04', 'pkgname': 'dnsutils', 'pkgver': '1:9.9.5.dfsg-3ubuntu0.4'},
    {'osver': '14.04', 'pkgname': 'host', 'pkgver': '1:9.9.5.dfsg-3ubuntu0.4'},
    {'osver': '14.04', 'pkgname': 'libbind-dev', 'pkgver': '1:9.9.5.dfsg-3ubuntu0.4'},
    {'osver': '14.04', 'pkgname': 'libbind9-90', 'pkgver': '1:9.9.5.dfsg-3ubuntu0.4'},
    {'osver': '14.04', 'pkgname': 'libdns100', 'pkgver': '1:9.9.5.dfsg-3ubuntu0.4'},
    {'osver': '14.04', 'pkgname': 'libisc95', 'pkgver': '1:9.9.5.dfsg-3ubuntu0.4'},
    {'osver': '14.04', 'pkgname': 'libisccc90', 'pkgver': '1:9.9.5.dfsg-3ubuntu0.4'},
    {'osver': '14.04', 'pkgname': 'libisccfg90', 'pkgver': '1:9.9.5.dfsg-3ubuntu0.4'},
    {'osver': '14.04', 'pkgname': 'liblwres90', 'pkgver': '1:9.9.5.dfsg-3ubuntu0.4'},
    {'osver': '14.04', 'pkgname': 'lwresd', 'pkgver': '1:9.9.5.dfsg-3ubuntu0.4'}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  var extra = '';
  extra += ubuntu_report_get();
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : extra
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bind9 / bind9-host / bind9utils / dnsutils / host / libbind-dev / etc');
}

VendorProductVersionCPE
canonicalubuntu_linuxlwresdp-cpe:/a:canonical:ubuntu_linux:lwresd
canonicalubuntu_linuxbind9p-cpe:/a:canonical:ubuntu_linux:bind9
canonicalubuntu_linux14.04cpe:/o:canonical:ubuntu_linux:14.04:-:lts
canonicalubuntu_linuxdnsutilsp-cpe:/a:canonical:ubuntu_linux:dnsutils
canonicalubuntu_linuxbind9utilsp-cpe:/a:canonical:ubuntu_linux:bind9utils
canonicalubuntu_linuxlibbind-devp-cpe:/a:canonical:ubuntu_linux:libbind-dev
canonicalubuntu_linuxlibdns100p-cpe:/a:canonical:ubuntu_linux:libdns100
canonicalubuntu_linuxlibisccc90p-cpe:/a:canonical:ubuntu_linux:libisccc90
canonicalubuntu_linuxlibisc95p-cpe:/a:canonical:ubuntu_linux:libisc95
canonicalubuntu_linuxlibbind9-90p-cpe:/a:canonical:ubuntu_linux:libbind9-90

Vendor	Product	Version	CPE
canonical	ubuntu_linux	lwresd	p-cpe:/a:canonical:ubuntu_linux:lwresd
canonical	ubuntu_linux	bind9	p-cpe:/a:canonical:ubuntu_linux:bind9
canonical	ubuntu_linux	14.04	cpe:/o:canonical:ubuntu_linux:14.04:-:lts
canonical	ubuntu_linux	dnsutils	p-cpe:/a:canonical:ubuntu_linux:dnsutils
canonical	ubuntu_linux	bind9utils	p-cpe:/a:canonical:ubuntu_linux:bind9utils
canonical	ubuntu_linux	libbind-dev	p-cpe:/a:canonical:ubuntu_linux:libbind-dev
canonical	ubuntu_linux	libdns100	p-cpe:/a:canonical:ubuntu_linux:libdns100
canonical	ubuntu_linux	libisccc90	p-cpe:/a:canonical:ubuntu_linux:libisccc90
canonical	ubuntu_linux	libisc95	p-cpe:/a:canonical:ubuntu_linux:libisc95
canonical	ubuntu_linux	libbind9-90	p-cpe:/a:canonical:ubuntu_linux:libbind9-90