OracleVM 3.3 : bind (OVMSA-2014-0084)

high Nessus Plugin ID 80247

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates:

- Fix CVE-2014-8500 (#1171973)

- Use /dev/urandom when generating rndc.key file (#951255)

- Remove bogus file from /usr/share/doc, introduced by fix for bug #1092035

- Add support for TLSA resource records (#956685)

- Increase defaults for lwresd workers and make workers and client objects number configurable (#1092035)

- Fix segmentation fault in nsupdate when -r option is used (#1064045)

- Fix race condition on send buffer in host tool when sending UDP query (#1008827)

- Allow authentication using TSIG in allow-notify configuration statement (#1044545)

- Fix SELinux context of /var/named/chroot/etc/localtime (#902431)

- Include updated named.ca file with root server addresses (#917356)

- Don't generate rndc.key if there is rndc.conf on start-up (#997743)

- Fix dig man page regarding how to disable IDN (#1023045)

- Handle ICMP Destination unreachable (Protocol unreachable) response (#1066876)

- Configure BIND with --with-dlopen=yes to support dynamically loadable DLZ drivers (#846065)

- Fix initscript to return correct exit value when calling checkconfig/configtest/check/test (#848033)

- Don't (un)mount chroot filesystem when running initscript command configtest with running server (#851123)

- Fix zone2sqlite tool to accept zones containing '.' or '-' or starting with a digit (#919414)

- Fix initscript not to mount chroot filesystem if named is already running (#948743)

- Fix initscript to check if the PID in PID-file is really a PID of running named server (#980632)

- Correct the installed documentation ownership (#1051283)

- configure with --enable-filter-aaaa to enable use of filter-aaaa-on-v4 option (#1025008)

- Fix race condition when destroying a resolver fetch object (#993612)

- Fix the RRL functionality to include referrals-per-second and nodata-per-second options (#1036700)

- Fix segfault on SERVFAIL to NXDOMAIN failover (#919545)

- Fix (CVE-2014-0591)

- Fix gssapictx memory leak (#911167)

- fix (CVE-2013-4854)

- fix (CVE-2013-2266)

- ship dns/rrl.h in -devel subpkg

- remove one bogus file from /usr/share/doc, introduced by RRL patch

- fix (CVE-2012-5689)

- add response rate limit patch (#873624)

Solution

Update the affected bind-libs / bind-utils packages.

See Also

http://www.nessus.org/u?9f3bc143

Plugin Details

Severity: High

ID: 80247

File Name: oraclevm_OVMSA-2014-0084.nasl

Version: 1.11

Type: local

Published: 12/26/2014

Updated: 1/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.1

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:bind-libs, p-cpe:/a:oracle:vm:bind-utils, cpe:/o:oracle:vm_server:3.3

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 12/24/2014

Vulnerability Publication Date: 1/25/2013

Reference Information

CVE: CVE-2012-5689, CVE-2013-2266, CVE-2013-4854, CVE-2014-0591, CVE-2014-8500

BID: 57556, 58736, 61479, 64801, 71590