The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2792 advisory.

    - Handle subtle difference between upstream and rhel (CVE-2022-3094)
    - Prevent flooding with UPDATE requests (CVE-2022-3094)
    - Handle RRSIG queries when server-stale is active (CVE-2022-3736)
    - Fix crash when soft-quota is reached and serve-stale is active (CVE-2022-3924)
    - Bound the amount of work performed for delegations (CVE-2022-2795)
    - Fix possible serve-stale related crash (CVE-2022-3080)
    - Fix memory leak in ECDSA verify processing (CVE-2022-38177)

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Oracle Linux 8 : bind9.16 (ELSA-2023-2792)

medium Nessus Plugin ID 176273

Version 1.4

Version 1.3

Version 1.2

Version 1.1

Version 1.0

Version 1.4 Nov 2, 2024, 7:54 AM CVSS metrics ("Cvssv4 score" set to 6.3) CVSSv2 severity (based on CVE-2022-2795, severity decreased from "High" to "Medium") Detection (updated detection logic) Plugin Feed: 202411020754
Version 1.3 Oct 23, 2024, 7:37 AM CVSS metrics ("Cvssv4 threat vector" set to "CVSS:4.0/E:U") Plugin Feed: 202410230737
Version 1.2 Oct 23, 2024, 12:00 AM CVSS metrics ("Cvssv4 score" set to 6.3) CVSSv2 severity (based on CVE-2022-2795, severity decreased from "High" to "Medium") Detection (updated detection logic) Plugin Feed: 202410230000
Version 1.1 Oct 22, 2024, 6:42 PM CVSS metrics ("Cvssv4 score" set to 6.3) CVSS metrics ("Cvssv4 vector" set to "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N") CVSSv2 severity (based on CVE-2022-2795, severity decreased from "High" to "Medium") Plugin metadata Plugin Feed: 202410221842
Version 1.0 May 24, 2023, 12:03 PM New Plugin Feed: 202305241203