OracleVM 3.3 : bind (OVMSA-2014-0084)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote OracleVM host is missing one or more security updates.

Description :

The remote OracleVM system is missing the patches that provide the
following critical security updates :

- Fix CVE-2014-8500 (#1171973)

- Use /dev/urandom when generating rndc.key file (#951255)

- Remove bogus file from /usr/share/doc, introduced by fix
for bug #1092035

- Add support for TLSA resource records (#956685)

- Increase defaults for lwresd workers and make workers
and client objects number configurable (#1092035)

- Fix segmentation fault in nsupdate when -r option is
used (#1064045)

- Fix race condition on send buffer in host tool when
sending UDP query (#1008827)

- Allow authentication using TSIG in allow-notify
configuration statement (#1044545)

- Fix SELinux context of /var/named/chroot/etc/localtime
(#902431)

- Include updated named.ca file with root server addresses
(#917356)

- Don't generate rndc.key if there is rndc.conf on
start-up (#997743)

- Fix dig man page regarding how to disable IDN (#1023045)

- Handle ICMP Destination unreachable (Protocol
unreachable) response (#1066876)

- Configure BIND with --with-dlopen=yes to support
dynamically loadable DLZ drivers (#846065)

- Fix initscript to return correct exit value when calling
checkconfig/configtest/check/test (#848033)

- Don't (un)mount chroot filesystem when running
initscript command configtest with running server
(#851123)

- Fix zone2sqlite tool to accept zones containing '.' or
'-' or starting with a digit (#919414)

- Fix initscript not to mount chroot filesystem if named
is already running (#948743)

- Fix initscript to check if the PID in PID-file is really
the PID of the running named server (#980632)

- Correct the installed documentation ownership (#1051283)

- configure with --enable-filter-aaaa to enable use of
filter-aaaa-on-v4 option (#1025008)

- Fix race condition when destroying a resolver fetch
object (#993612)

- Fix the RRL functionality to include
referrals-per-second and nodata-per-second options
(#1036700)

- Fix segfault on SERVFAIL to NXDOMAIN failover (#919545)

- Fix (CVE-2014-0591)

- Fix gssapictx memory leak (#911167)

- fix (CVE-2013-4854)

- fix (CVE-2013-2266)

- ship dns/rrl.h in -devel subpkg

- remove one bogus file from /usr/share/doc, introduced by
RRL patch

- fix (CVE-2012-5689)

- add response rate limit patch (#873624)

See also :

http://www.nessus.org/u?9f3bc143

Solution :

Update the affected bind-libs / bind-utils packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: OracleVM Local Security Checks

Nessus Plugin ID: 80247

Bugtraq ID: 57556, 58736, 61479, 64801, 71590

CVE ID: CVE-2012-5689, CVE-2013-2266, CVE-2013-4854, CVE-2014-0591, CVE-2014-8500