ISC Bind End of Life not detected

PBSH · February 28, 2023, 10:13am

I’ve got the following technical details from a scan (ISC BIND Detection Consolidation):

Detected ISC BIND

Version:       9.3.6-P1
Location:      53/tcp
CPE:           cpe:/a:isc:bind:9.3.6:p1

Concluded from version/product identification result:
9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6

products_eol.inc lists:

eol_cpes[ "cpe:/a:isc:bind" ] = make_array(
  "versions",      "9.15:2020-01-31;9.14:2020-04-30;9.13:unknown;9.12:2019-05-31;9.11:2021-12-31;9.10:2018-07-31;9.9:2018-07-31;9.8:2014-09-30;9.7:2012-11-30;9.6:2014-02-28;9.5:2010-07-30;9.4:2009-12-31;9.3:2008-12-31;9.2:2007-09-30;9$
  "version_regex", "^([0-9]+\.[0-9]+)"
);

The regex of the cpe matches with this EOL version. However, OID 1.3.6.1.4.1.25623.1.0.113016 with Name ISC BIND End of Life (EOL) Detection - Linux didn’t get triggered. I can’t figure out why.

cfi · March 1, 2023, 10:45am

The VT in question has a QoD of “remote_banner_unreliable” (30 %) due to BIND9 being still supported via “backports” with security fixes by most Linux distributions.

The result is probably not included in the report because this the default filter is only showing results of a QoD >= 70 % by default.

More info on the QoD concept and how to adjust the filter to show results with a low QoD value can be found here:

PBSH · March 1, 2023, 12:53pm

That makes sense, thank you very much!