NewStart CGSL MAIN 6.02 : bind Multiple Vulnerabilities (NS-SA-2024-0060)

medium Nessus Plugin ID 206846

Synopsis

The remote NewStart CGSL host is affected by multiple vulnerabilities.

Description

The remote NewStart CGSL host, running version MAIN 6.02, has bind packages installed that are affected by multiple vulnerabilities:

- ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning. (CVE-2007-2926)

- Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named. (CVE-2007-6283)

- Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption. (CVE-2008-0122)

- The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka DNS Insufficient Socket Entropy Vulnerability or the Kaminsky bug. (CVE-2008-1447)

- BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. (CVE-2009-0025)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the vulnerable CGSL bind packages. Note that updated packages may not be available yet. Please contact ZTE for more information.

See Also

https://security.gd-linux.com/notice/NS-SA-2024-0060

https://security.gd-linux.com/info/CVE-2007-2926

https://security.gd-linux.com/info/CVE-2007-6283

https://security.gd-linux.com/info/CVE-2008-0122

https://security.gd-linux.com/info/CVE-2008-1447

https://security.gd-linux.com/info/CVE-2009-0025

https://security.gd-linux.com/info/CVE-2009-0696

https://security.gd-linux.com/info/CVE-2010-0213

https://security.gd-linux.com/info/CVE-2011-1907

https://security.gd-linux.com/info/CVE-2011-1910

https://security.gd-linux.com/info/CVE-2011-4313

https://security.gd-linux.com/info/CVE-2012-1667

https://security.gd-linux.com/info/CVE-2013-2266

https://security.gd-linux.com/info/CVE-2013-3919

https://security.gd-linux.com/info/CVE-2014-0591

https://security.gd-linux.com/info/CVE-2014-8500

https://security.gd-linux.com/info/CVE-2015-5477

https://security.gd-linux.com/info/CVE-2015-8704

https://security.gd-linux.com/info/CVE-2015-8705

https://security.gd-linux.com/info/CVE-2016-1285

https://security.gd-linux.com/info/CVE-2016-1286

https://security.gd-linux.com/info/CVE-2016-2088

https://security.gd-linux.com/info/CVE-2017-3145

https://security.gd-linux.com/info/CVE-2018-5738

https://security.gd-linux.com/info/CVE-2018-5740

https://security.gd-linux.com/info/CVE-2018-5744

https://security.gd-linux.com/info/CVE-2022-2795

https://security.gd-linux.com/info/CVE-2023-2828

https://security.gd-linux.com/info/CVE-2023-3341

Plugin Details

Severity: Medium

ID: 206846

File Name: newstart_cgsl_NS-SA-2024-0060_bind.nasl

Version: 1.3

Type: local

Published: 9/10/2024

Updated: 9/18/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.1

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2008-0122

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

CVSS Score Source: CVE-2018-5738

CVSS v4

Risk Factor: Medium

Base Score: 6.3

Threat Score: 2.9

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2022-2795

Vulnerability Information

CPE: p-cpe:/a:zte:cgsl_main:bind-libs, cpe:/o:zte:cgsl_main:6, p-cpe:/a:zte:cgsl_main:bind, p-cpe:/a:zte:cgsl_main:bind-libs-lite, p-cpe:/a:zte:cgsl_main:bind-export-libs, p-cpe:/a:zte:cgsl_main:python3-bind, p-cpe:/a:zte:cgsl_main:bind-utils, p-cpe:/a:zte:cgsl_main:bind-license

Required KB Items: Host/local_checks_enabled, Host/ZTE-CGSL/release, Host/ZTE-CGSL/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/3/2024

Vulnerability Publication Date: 7/24/2007

Exploitable With

Core Impact

Reference Information

CVE: CVE-2007-2926, CVE-2007-6283, CVE-2008-0122, CVE-2008-1447, CVE-2009-0025, CVE-2009-0696, CVE-2010-0213, CVE-2011-1907, CVE-2011-1910, CVE-2011-4313, CVE-2012-1667, CVE-2013-2266, CVE-2013-3919, CVE-2014-0591, CVE-2014-8500, CVE-2015-5477, CVE-2015-8704, CVE-2015-8705, CVE-2016-1285, CVE-2016-1286, CVE-2016-2088, CVE-2017-3145, CVE-2018-5738, CVE-2018-5740, CVE-2018-5744, CVE-2022-2795, CVE-2023-2828, CVE-2023-3341

IAVA: 2008-A-0045, 2011-A-0158-S, 2012-A-0106-S, 2013-A-0069-S, 2013-A-0116-S, 2014-A-0086-S, 2014-A-0196-S, 2015-A-0181-S, 2016-A-0032-S, 2016-A-0074-S, 2018-A-0024-S, 2018-A-0255-S, 2018-A-0303-S, 2019-A-0069-S, 2022-A-0387-S, 2023-A-0320-S, 2023-A-0500-S