ISC BIND DoS Vulnerability (CVE-2022-3488) - Linux

# Copyright (C) 2023 Greenbone Networks GmbH
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

CPE = "cpe:/a:isc:bind";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.126315");
  script_version("2023-10-13T05:06:10+0000");
  script_tag(name:"last_modification", value:"2023-10-13 05:06:10 +0000 (Fri, 13 Oct 2023)");
  script_tag(name:"creation_date", value:"2023-01-26 10:55:12 +0000 (Thu, 26 Jan 2023)");
  script_tag(name:"cvss_base", value:"7.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-02-03 18:25:00 +0000 (Fri, 03 Feb 2023)");

  script_cve_id("CVE-2022-3488");

  script_tag(name:"qod_type", value:"remote_banner_unreliable");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("ISC BIND DoS Vulnerability (CVE-2022-3488) - Linux");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2023 Greenbone Networks GmbH");
  script_family("Denial of Service");
  script_dependencies("gb_isc_bind_consolidation.nasl", "os_detection.nasl");
  script_mandatory_keys("isc/bind/detected", "Host/runs_unixoide");

  script_tag(name:"summary", value:"ISC BIND is prone to a denial of service (DoS) vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Processing of repeated responses to the same query, where both
  responses contain ECS pseudo-options, but where the first is broken in some way, can cause BIND
  to exit with an assertion failure.

  'Broken' in this context is anything that would cause the resolver to reject the query response,
  such as a mismatch between query and answer name.");

  script_tag(name:"impact", value:"An attacker controlling a malicious nameserver could respond
  with two responses in quick succession, each with a 'CLIENT-SUBNET' pseudo-option and where the
  first is broken. Processing the second response after the first causes named to terminate.");

  script_tag(name:"affected", value:"ISC BIND versions 9.11.4-S1 through 9.11.37-S1, 19.16.8-S1
  through 19.16.36-S1.");

  script_tag(name:"solution", value:"Update to version 9.16.37-S1 or later.");

  script_xref(name:"URL", value:"https://kb.isc.org/docs/cve-2022-3488");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if (isnull(port = get_app_port(cpe: CPE)))
  exit(0);

if (!infos = get_app_full(cpe: CPE, port: port, exit_no_version: TRUE))
  exit(0);

version = infos["version"];
proto = infos["proto"];
location = infos["location"];

if (version =~ "^9\.[0-9]+\.[0-9]+s[0-9]") {
  if (version_in_range(version: version, test_version: "9.11.4s1", test_version2: "9.11.37s1") ||
      version_in_range(version: version, test_version: "9.16.8s1", test_version2: "9.16.36s1")) {
    report = report_fixed_ver(installed_version: version, fixed_version: "9.16.37-S1", install_path: location);
    security_message(port: port, data: report, proto: proto);
    exit(0);
  }
}

exit(99);