ISC BIND DoS Vulnerability (CVE-2022-2906) - Linux

# Copyright (C) 2022 Greenbone Networks GmbH
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

CPE = "cpe:/a:isc:bind";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.124168");
  script_version("2023-10-18T05:05:17+0000");
  script_tag(name:"last_modification", value:"2023-10-18 05:05:17 +0000 (Wed, 18 Oct 2023)");
  script_tag(name:"creation_date", value:"2022-09-23 07:11:52 +0000 (Fri, 23 Sep 2022)");
  script_tag(name:"cvss_base", value:"7.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2022-09-23 13:33:00 +0000 (Fri, 23 Sep 2022)");

  script_cve_id("CVE-2022-2906");

  script_tag(name:"qod_type", value:"remote_banner_unreliable");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("ISC BIND DoS Vulnerability (CVE-2022-2906) - Linux");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2022 Greenbone Networks GmbH");
  script_family("Denial of Service");
  script_dependencies("gb_isc_bind_consolidation.nasl", "os_detection.nasl");
  script_mandatory_keys("isc/bind/detected", "Host/runs_unixoide");

  script_tag(name:"summary", value:"ISC BIND is prone to a denial of service (DoS) vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Changes between OpenSSL 1.x and OpenSSL 3.0 expose a flaw in
  named that causes a small memory leak in key processing when using TKEY records in Diffie-Hellman
  mode with OpenSSL 3.0.0 and later versions.");

  script_tag(name:"impact", value:"An attacker can leverage this flaw to gradually erode available
  memory to the point where named crashes for lack of resources. Upon restart the attacker would
  have to begin again, but nevertheless there is the potential to deny service.");

  script_tag(name:"affected", value:"ISC BIND version 9.18.0 through 9.18.6 and 9.19.0 through
  9.19.4.");

  script_tag(name:"solution", value:"Update to version 9.18.7, 9.19.5 or later.");

  script_xref(name:"URL", value:"https://kb.isc.org/docs/cve-2022-2906");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if (isnull(port = get_app_port(cpe: CPE)))
  exit(0);

if (!infos = get_app_full(cpe: CPE, port: port, exit_no_version: TRUE))
  exit(0);

version = infos["version"];
proto = infos["proto"];
location = infos["location"];

if (version_in_range(version: version, test_version: "9.18.0", test_version2: "9.18.6")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "9.18.7", install_path: location);
  security_message(port: port, data: report, proto: proto);
  exit(0);
}

if (version_in_range(version: version, test_version: "9.19.0", test_version2: "9.19.4")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "9.19.5", install_path: location);
  security_message(port: port, data: report, proto: proto);
  exit(0);
}

exit(99);