OracleVM 3.3 : bind (OVMSA-2014-0084)

high Nessus Plugin ID 80247


The remote OracleVM host is missing one or more security updates.


The remote OracleVM system is missing necessary patches to address critical security updates:

- Fix CVE-2014-8500 (#1171973)

- Use /dev/urandom when generating rndc.key file (#951255)

- Remove bogus file from /usr/share/doc, introduced by fix for bug #1092035

- Add support for TLSA resource records (#956685)

- Increase defaults for lwresd workers and make workers and client objects number configurable (#1092035)

- Fix segmentation fault in nsupdate when -r option is used (#1064045)

- Fix race condition on send buffer in host tool when sending UDP query (#1008827)

- Allow authentication using TSIG in allow-notify configuration statement (#1044545)

- Fix SELinux context of /var/named/chroot/etc/localtime (#902431)

- Include updated file with root server addresses (#917356)

- Don't generate rndc.key if there is rndc.conf on start-up (#997743)

- Fix dig man page regarding how to disable IDN (#1023045)

- Handle ICMP Destination unreachable (Protocol unreachable) response (#1066876)

- Configure BIND with --with-dlopen=yes to support dynamically loadable DLZ drivers (#846065)

- Fix initscript to return correct exit value when calling checkconfig/configtest/check/test (#848033)

- Don't (un)mount chroot filesystem when running initscript command configtest with running server (#851123)

- Fix zone2sqlite tool to accept zones containing '.' or '-' or starting with a digit (#919414)

- Fix initscript not to mount chroot filesystem if named is already running (#948743)

- Fix initscript to check if the PID in PID-file is really a PID of running named server (#980632)

- Correct the installed documentation ownership (#1051283)

- configure with --enable-filter-aaaa to enable use of filter-aaaa-on-v4 option (#1025008)

- Fix race condition when destroying a resolver fetch object (#993612)

- Fix the RRL functionality to include referrals-per-second and nodata-per-second options (#1036700)

- Fix segfault on SERVFAIL to NXDOMAIN failover (#919545)

- Fix (CVE-2014-0591)

- Fix gssapictx memory leak (#911167)

- fix (CVE-2013-4854)

- fix (CVE-2013-2266)

- ship dns/rrl.h in -devel subpkg

- remove one bogus file from /usr/share/doc, introduced by RRL patch

- fix (CVE-2012-5689)

- add response rate limit patch (#873624)


Update the affected bind-libs / bind-utils packages.

Plugin Details

Severity: High

ID: 80247

File Name: oraclevm_OVMSA-2014-0084.nasl

Version: 1.11

Type: local

Published: 12/26/2014

Updated: 1/4/2021

Dependencies: ssh_get_info.nasl

Risk Information


Risk Factor: Medium

Score: 5.1


Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:bind-libs, p-cpe:/a:oracle:vm:bind-utils, cpe:/o:oracle:vm_server:3.3

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 12/24/2014

Vulnerability Publication Date: 1/25/2013

Reference Information

CVE: CVE-2012-5689, CVE-2013-2266, CVE-2013-4854, CVE-2014-0591, CVE-2014-8500

BID: 57556, 58736, 61479, 64801, 71590