Professional OVAL Repository

[Eng] [Rus] [Sign-In]

oval:org.mitre.oval:def:9977

Version

Class

vulnerability

ALTXid

1611

Language

English

Severity

NotAvailable

Title

Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.

Description

Family

unix

Platform

OVAL Repository

Status: ACCEPTED
Status: ACCEPTED
- 2010-07-09T03:56:16-04:00 : submitted
  - SCAP.com, LLC Aharon Chernin
- 2010-07-28T14:27:39.267-04:00 : status_change DRAFT
- 2010-08-16T04:15:18.885-04:00 : status_change INTERIM
- 2010-09-06T04:16:27.771-04:00 : status_change ACCEPTED
- 2013-04-10T17:44:00.576-04:00 : modified EDITED oval:org.mitre.oval:def:9977 - Expanded the vulnerability checks for RHEL 3, 4, and 5 to cover CentOS 3, 4, 5 and Oracle Linux 4 and 5
  - G2, Inc. Dragos Prisaca
- 2013-04-10T17:46:55.612-04:00 : status_change INTERIM
- 2013-04-29T04:23:49.653-04:00 : status_change ACCEPTED

Reference

CVE: CVE-2007-6283

Criteria

Expand All

Collapse All

AND

OR	RHEL5, CentOS5 or Oracle Linux 5

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:11414) The operating system installed on the system is Red Hat Enterprise Linux 5

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:15802) The operating system installed on the system is CentOS Linux 5.x

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:15459) Oracle Linux 5.x

OR Configuration section
- CRITERION bind-utils is earlier than 0:9.3.4-6.P1.el5
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:35853) check=at least one, check_existence=at_least_one_exists, comment=bind-utils is earlier than 0:9.3.4-6.P1.el5, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14263)
      name bind-utils
    - rpminfo_state (ID = oval:org.mitre.oval:ste:10841)
      evr datatype=evr_string | operation=less than | value=0:9.3.4-6.P1.el5
- CRITERION bind-libbind-devel is earlier than 0:9.3.4-6.P1.el5
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:36573) check=at least one, check_existence=at_least_one_exists, comment=bind-libbind-devel is earlier than 0:9.3.4-6.P1.el5, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14729)
      name bind-libbind-devel
    - rpminfo_state (ID = oval:org.mitre.oval:ste:10841)
      evr datatype=evr_string | operation=less than | value=0:9.3.4-6.P1.el5
- CRITERION bind-devel is earlier than 0:9.3.4-6.P1.el5
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:36695) check=at least one, check_existence=at_least_one_exists, comment=bind-devel is earlier than 0:9.3.4-6.P1.el5, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14242)
      name bind-devel
    - rpminfo_state (ID = oval:org.mitre.oval:ste:10841)
      evr datatype=evr_string | operation=less than | value=0:9.3.4-6.P1.el5
- CRITERION bind-chroot is earlier than 0:9.3.4-6.P1.el5
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:36618) check=at least one, check_existence=at_least_one_exists, comment=bind-chroot is earlier than 0:9.3.4-6.P1.el5, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14363)
      name bind-chroot
    - rpminfo_state (ID = oval:org.mitre.oval:ste:10841)
      evr datatype=evr_string | operation=less than | value=0:9.3.4-6.P1.el5
- CRITERION caching-nameserver is earlier than 0:9.3.4-6.P1.el5
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:36833) check=at least one, check_existence=at_least_one_exists, comment=caching-nameserver is earlier than 0:9.3.4-6.P1.el5, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14701)
      name caching-nameserver
    - rpminfo_state (ID = oval:org.mitre.oval:ste:10841)
      evr datatype=evr_string | operation=less than | value=0:9.3.4-6.P1.el5
- CRITERION bind-sdb is earlier than 0:9.3.4-6.P1.el5
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:36572) check=at least one, check_existence=at_least_one_exists, comment=bind-sdb is earlier than 0:9.3.4-6.P1.el5, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14433)
      name bind-sdb
    - rpminfo_state (ID = oval:org.mitre.oval:ste:10841)
      evr datatype=evr_string | operation=less than | value=0:9.3.4-6.P1.el5
- CRITERION bind is earlier than 0:9.3.4-6.P1.el5
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:36755) check=at least one, check_existence=at_least_one_exists, comment=bind is earlier than 0:9.3.4-6.P1.el5, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14143)
      name bind
    - rpminfo_state (ID = oval:org.mitre.oval:ste:10841)
      evr datatype=evr_string | operation=less than | value=0:9.3.4-6.P1.el5
- CRITERION bind-libs is earlier than 0:9.3.4-6.P1.el5
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:36364) check=at least one, check_existence=at_least_one_exists, comment=bind-libs is earlier than 0:9.3.4-6.P1.el5, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14348)
      name bind-libs
    - rpminfo_state (ID = oval:org.mitre.oval:ste:10841)
      evr datatype=evr_string | operation=less than | value=0:9.3.4-6.P1.el5


	2008-2021, © AO ALTEX-SOFT , ovaldb@altx-soft.com OVAL and the OVAL logo are registered trademarks of The MITRE Corporation. Other names may be trademarks of their respective owners.

Access vector:	COMPLETE
Access complexity:	LOW
Authentication:	NONE
Confidentiality impact:	NONE
Integrity impact:	NONE
Availability impact:	COMPLETE