OracleVM 3.3 : bind (OVMSA-2014-0084)

High Nessus Plugin ID 80247

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

- Fix CVE-2014-8500 (#1171973)

- Use /dev/urandom when generating rndc.key file (#951255)

- Remove bogus file from /usr/share/doc, introduced by fix for bug #1092035

- Add support for TLSA resource records (#956685)

- Increase defaults for lwresd workers and make workers and client objects number configurable (#1092035)

- Fix segmentation fault in nsupdate when -r option is used (#1064045)

- Fix race condition on send buffer in host tool when sending UDP query (#1008827)

- Allow authentication using TSIG in allow-notify configuration statement (#1044545)

- Fix SELinux context of /var/named/chroot/etc/localtime (#902431)

- Include updated named.ca file with root server addresses (#917356)

- Don't generate rndc.key if there is rndc.conf on start-up (#997743)

- Fix dig man page regarding how to disable IDN (#1023045)

- Handle ICMP Destination unreachable (Protocol unreachable) response (#1066876)

- Configure BIND with --with-dlopen=yes to support dynamically loadable DLZ drivers (#846065)

- Fix initscript to return correct exit value when calling checkconfig/configtest/check/test (#848033)

- Don't (un)mount chroot filesystem when running initscript command configtest with running server (#851123)

- Fix zone2sqlite tool to accept zones containing '.' or '-' or starting with a digit (#919414)

- Fix initscript not to mount chroot filesystem is named is already running (#948743)

- Fix initscript to check if the PID in PID-file is really s PID of running named server (#980632)

- Correct the installed documentation ownership (#1051283)

- configure with --enable-filter-aaaa to enable use of filter-aaaa-on-v4 option (#1025008)

- Fix race condition when destroying a resolver fetch object (#993612)

- Fix the RRL functionality to include referrals-per-second and nodata-per-second options (#1036700)

- Fix segfault on SERVFAIL to NXDOMAIN failover (#919545)

- Fix (CVE-2014-0591)

- Fix gssapictx memory leak (#911167)

- fix (CVE-2013-4854)

- fix (CVE-2013-2266)

- ship dns/rrl.h in -devel subpkg

- remove one bogus file from /usr/share/doc, introduced by RRL patch

- fix (CVE-2012-5689)

- add response rate limit patch (#873624)

Solution

Update the affected bind-libs / bind-utils packages.

See Also

http://www.nessus.org/u?9f3bc143

Plugin Details

Severity: High

ID: 80247

File Name: oraclevm_OVMSA-2014-0084.nasl

Version: 1.9

Type: local

Published: 2014/12/26

Updated: 2018/07/24

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:bind-libs, p-cpe:/a:oracle:vm:bind-utils, cpe:/o:oracle:vm_server:3.3

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/12/24

Reference Information

CVE: CVE-2012-5689, CVE-2013-2266, CVE-2013-4854, CVE-2014-0591, CVE-2014-8500

BID: 57556, 58736, 61479, 64801, 71590