Detections
Analytics

OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066)

high Nessus Plugin ID 99569

Language:

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

 - Fix CVE-2017-3136 (ISC change 4575)

 - Fix CVE-2017-3137 (ISC change 4578)

 - Fix and test caching CNAME before DNAME (ISC change 4558)

 - Fix CVE-2016-9147 (ISC change 4510)

 - Fix regression introduced by CVE-2016-8864 (ISC change 4530)

 - Restore SELinux contexts before named restart

 - Use /lib or /lib64 only if directory in chroot already exists

 - Tighten NSS library pattern, escape chroot mount path

 - Fix (CVE-2016-8864)

 - Do not change lib permissions in chroot (#1321239)

 - Support WKS records in chroot (#1297562)

 - Do not include patch backup in docs (fixes #1325081 patch)

 - Backported relevant parts of [RT #39567] (#1259923)

 - Increase ISC_SOCKET_MAXEVENTS to 2048 (#1326283)

 - Fix multiple realms in nsupdate script like upstream (#1313286)

 - Fix multiple realm in nsupdate script (#1313286)

 - Use resolver-query-timeout high enough to recover all forwarders (#1325081)

 - Fix (CVE-2016-2848)

 - Fix infinite loop in start_lookup (#1306504)

 - Fix (CVE-2016-2776)

Solution

Update the affected bind-libs / bind-utils packages.

See Also

http://www.nessus.org/u?cd826bc7

http://www.nessus.org/u?67f77036

Plugin Details

Severity: High

ID: 99569

File Name: oraclevm_OVMSA-2017-0066.nasl

Version: 3.6

Type: local

Published: 4/21/2017

Updated: 1/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.1

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.6

Temporal Score: 8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:bind-libs, cpe:/o:oracle:vm_server:3.3, p-cpe:/a:oracle:vm:bind-utils, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/20/2017

Vulnerability Publication Date: 9/5/2006

Exploitable With

Core Impact

Reference Information

CVE: CVE-2006-4095, CVE-2007-2241, CVE-2007-2925, CVE-2007-2926, CVE-2007-6283, CVE-2008-0122, CVE-2008-1447, CVE-2009-0025, CVE-2009-0696, CVE-2010-0097, CVE-2010-0290, CVE-2011-0414, CVE-2011-1910, CVE-2011-2464, CVE-2012-1033, CVE-2012-1667, CVE-2012-3817, CVE-2012-4244, CVE-2012-5166, CVE-2012-5688, CVE-2012-5689, CVE-2013-2266, CVE-2013-4854, CVE-2014-0591, CVE-2014-8500, CVE-2015-1349, CVE-2015-4620, CVE-2015-5477, CVE-2015-5722, CVE-2015-8000, CVE-2015-8704, CVE-2016-1285, CVE-2016-1286, CVE-2016-2776, CVE-2016-2848, CVE-2016-8864, CVE-2016-9147, CVE-2017-3136, CVE-2017-3137

BID: 19859, 25037, 27283, 30131, 33151, 35848, 37118, 37865, 46491, 48007, 48566, 51898, 53772, 54658, 55522, 55852, 56817, 57556, 58736, 61479, 64801, 71590, 72673, 75588

CWE: 16, 189, 200, 287

IAVA: 2008-A-0045, 2017-A-0004