Amazon Linux 2 : bind (ALAS-2018-1082)
high Nessus Plugin ID 117710
Language:
New! Plugin Severity Now Using CVSS v3
The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Synopsis
The remote Amazon Linux 2 host is missing a security update.Description
A denial of service flaw was discovered in bind versions that include the 'deny-answer-aliases' feature. This flaw may allow a remote attacker to trigger an INSIST assert in named leading to termination of the process and a denial of service condition.(CVE-2018-5740)Solution
Run 'yum update bind' to update your system.See Also
Plugin Details
Severity: High
ID: 117710
File Name: al2_ALAS-2018-1082.nasl
Version: 1.2
Type: local
Agent: unix
Published: 9/27/2018
Updated: 2/14/2019
Dependencies: ssh_get_info.nasl
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS v3
Risk Factor: High
Base Score: 7.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Information
CPE: p-cpe:/a:amazon:linux:bind, p-cpe:/a:amazon:linux:bind-chroot, p-cpe:/a:amazon:linux:bind-debuginfo, p-cpe:/a:amazon:linux:bind-devel, p-cpe:/a:amazon:linux:bind-libs, p-cpe:/a:amazon:linux:bind-libs-lite, p-cpe:/a:amazon:linux:bind-lite-devel, p-cpe:/a:amazon:linux:bind-pkcs11, p-cpe:/a:amazon:linux:bind-pkcs11-devel, p-cpe:/a:amazon:linux:bind-pkcs11-libs, p-cpe:/a:amazon:linux:bind-pkcs11-utils, p-cpe:/a:amazon:linux:bind-sdb, p-cpe:/a:amazon:linux:bind-sdb-chroot, p-cpe:/a:amazon:linux:bind-utils, cpe:/o:amazon:linux:2
Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list
Patch Publication Date: 9/25/2018
Vulnerability Publication Date: 1/16/2019
Reference Information
CVE: CVE-2018-5740
ALAS: 2018-1082