OracleVM 3.3 : bind (OVMSA-2014-0084)

High Nessus Plugin ID 80247


The remote OracleVM host is missing one or more security updates.


The remote OracleVM system is missing necessary patches to address critical security updates :

- Fix CVE-2014-8500 (#1171973)

- Use /dev/urandom when generating rndc.key file (#951255)

- Remove bogus file from /usr/share/doc, introduced by fix for bug #1092035

- Add support for TLSA resource records (#956685)

- Increase defaults for lwresd workers and make workers and client objects number configurable (#1092035)

- Fix segmentation fault in nsupdate when -r option is used (#1064045)

- Fix race condition on send buffer in host tool when sending UDP query (#1008827)

- Allow authentication using TSIG in allow-notify configuration statement (#1044545)

- Fix SELinux context of /var/named/chroot/etc/localtime (#902431)

- Include updated file with root server addresses (#917356)

- Don't generate rndc.key if there is rndc.conf on start-up (#997743)

- Fix dig man page regarding how to disable IDN (#1023045)

- Handle ICMP Destination unreachable (Protocol unreachable) response (#1066876)

- Configure BIND with --with-dlopen=yes to support dynamically loadable DLZ drivers (#846065)

- Fix initscript to return correct exit value when calling checkconfig/configtest/check/test (#848033)

- Don't (un)mount chroot filesystem when running initscript command configtest with running server (#851123)

- Fix zone2sqlite tool to accept zones containing '.' or '-' or starting with a digit (#919414)

- Fix initscript not to mount chroot filesystem is named is already running (#948743)

- Fix initscript to check if the PID in PID-file is really s PID of running named server (#980632)

- Correct the installed documentation ownership (#1051283)

- configure with --enable-filter-aaaa to enable use of filter-aaaa-on-v4 option (#1025008)

- Fix race condition when destroying a resolver fetch object (#993612)

- Fix the RRL functionality to include referrals-per-second and nodata-per-second options (#1036700)

- Fix segfault on SERVFAIL to NXDOMAIN failover (#919545)

- Fix (CVE-2014-0591)

- Fix gssapictx memory leak (#911167)

- fix (CVE-2013-4854)

- fix (CVE-2013-2266)

- ship dns/rrl.h in -devel subpkg

- remove one bogus file from /usr/share/doc, introduced by RRL patch

- fix (CVE-2012-5689)

- add response rate limit patch (#873624)


Update the affected bind-libs / bind-utils packages.

See Also

Plugin Details

Severity: High

ID: 80247

File Name: oraclevm_OVMSA-2014-0084.nasl

Version: $Revision: 1.8 $

Type: local

Published: 2014/12/26

Modified: 2017/02/14

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:bind-libs, p-cpe:/a:oracle:vm:bind-utils, cpe:/o:oracle:vm_server:3.3

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/12/24

Reference Information

CVE: CVE-2012-5689, CVE-2013-2266, CVE-2013-4854, CVE-2014-0591, CVE-2014-8500

BID: 57556, 58736, 61479, 64801, 71590

OSVDB: 89584, 91712, 95707, 101973, 115524