F5 Networks BIG-IP : BIND vulnerability (SOL15787)

high Nessus Plugin ID 78835

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022.

Solution

Upgrade to one of the non-vulnerable versions listed in the F5 Solution SOL15787.

See Also

https://support.f5.com/csp/article/K15787

Plugin Details

Severity: High

ID: 78835

File Name: f5_bigip_SOL15787.nasl

Version: 1.7

Type: local

Published: 11/4/2014

Updated: 3/10/2021

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.6

Temporal Score: 6.6

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Temporal Vector: E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:f5:big-ip_access_policy_manager, cpe:/a:f5:big-ip_application_security_manager, cpe:/a:f5:big-ip_global_traffic_manager, cpe:/a:f5:big-ip_link_controller, cpe:/a:f5:big-ip_local_traffic_manager, cpe:/a:f5:big-ip_wan_optimization_manager, cpe:/a:f5:big-ip_webaccelerator, cpe:/h:f5:big-ip, cpe:/h:f5:big-ip_protocol_security_manager

Required KB Items: Host/local_checks_enabled, Host/BIG-IP/hotfix, Host/BIG-IP/modules, Host/BIG-IP/version

Exploit Ease: No known exploits are available

Patch Publication Date: 11/3/2014

Vulnerability Publication Date: 11/25/2009

Reference Information

CVE: CVE-2009-4022, CVE-2010-0382

BID: 37118