NewStart CGSL MAIN 6.02 : bind Multiple Vulnerabilities (NS-SA-2023-0006)

high Nessus Plugin ID 171702

Synopsis

The remote NewStart CGSL host is affected by multiple vulnerabilities.

Description

The remote NewStart CGSL host, running version MAIN 6.02, has bind packages installed that are affected by multiple vulnerabilities:

- In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed. (CVE-2021-25214)

- In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing. (CVE-2021-25219)

- By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. (CVE-2022-38177)

- By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. (CVE-2022-38178)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the vulnerable CGSL bind packages. Note that updated packages may not be available yet. Please contact ZTE for more information.

See Also

http://security.gd-linux.com/notice/NS-SA-2023-0006

http://security.gd-linux.com/info/CVE-2021-25214

http://security.gd-linux.com/info/CVE-2021-25219

http://security.gd-linux.com/info/CVE-2022-38177

http://security.gd-linux.com/info/CVE-2022-38178

Plugin Details

Severity: High

ID: 171702

File Name: newstart_cgsl_NS-SA-2023-0006_bind.nasl

Version: 1.1

Type: local

Published: 2/21/2023

Updated: 2/27/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2021-25219

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2022-38178

Vulnerability Information

CPE: p-cpe:/a:zte:cgsl_main:bind-libs, cpe:/o:zte:cgsl_main:6, p-cpe:/a:zte:cgsl_main:bind, p-cpe:/a:zte:cgsl_main:bind-libs-lite, p-cpe:/a:zte:cgsl_main:bind-export-libs, p-cpe:/a:zte:cgsl_main:python3-bind, p-cpe:/a:zte:cgsl_main:bind-utils, p-cpe:/a:zte:cgsl_main:bind-license

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/ZTE-CGSL/release, Host/ZTE-CGSL/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 2/20/2023

Vulnerability Publication Date: 4/28/2021

Reference Information

CVE: CVE-2021-25214, CVE-2021-25219, CVE-2022-38177, CVE-2022-38178

IAVA: 2021-A-0206-S, 2021-A-0525-S, 2022-A-0387-S