Lucene search

[email protected]NVD:CVE-2013-4854

HistoryJul 29, 2013 - 1:59 p.m.

CVE-2013-4854

2013-07-2913:59:37

[email protected]

web.nvd.nist.gov

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

8.1 High

AI Score

Confidence

High

0.953 High

EPSS

Percentile

99.4%

JSON

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.

Affected configurations

NVD

Node

iscbindMatch9.7.0

iscbindMatch9.7.0b1

iscbindMatch9.7.0p1

iscbindMatch9.7.0p2

iscbindMatch9.7.0rc1

iscbindMatch9.7.0rc2

iscbindMatch9.7.1

iscbindMatch9.7.1p1

iscbindMatch9.7.1p2

iscbindMatch9.7.1rc1

iscbindMatch9.7.2

iscbindMatch9.7.2p1

iscbindMatch9.7.2p2

iscbindMatch9.7.2p3

iscbindMatch9.7.2rc1

iscbindMatch9.7.3

iscbindMatch9.7.3b1

iscbindMatch9.7.3p1

iscbindMatch9.7.3rc1

iscbindMatch9.7.4

iscbindMatch9.7.4b1

iscbindMatch9.7.4p1

iscbindMatch9.7.4rc1

iscbindMatch9.7.5

iscbindMatch9.7.5b1

iscbindMatch9.7.5rc1

iscbindMatch9.7.5rc2

iscbindMatch9.7.6

iscbindMatch9.7.6p1

iscbindMatch9.7.6p2

iscbindMatch9.7.7

Node

susesuse_linux_enterprise_software_development_kitMatch11.0sp2

susesuse_linux_enterprise_software_development_kitMatch11.0sp3

novellsuse_linuxMatch11desktop

novellsuse_linuxMatch11server

Node

iscdnsco_bindMatch9.9.3s1

iscdnsco_bindMatch9.9.4s1b1

Node

opensuseopensuseMatch11.4

Node

iscbindMatch9.9.0

iscbindMatch9.9.0a1

iscbindMatch9.9.0a2

iscbindMatch9.9.0a3

iscbindMatch9.9.0b1

iscbindMatch9.9.0b2

iscbindMatch9.9.0rc1

iscbindMatch9.9.0rc2

iscbindMatch9.9.0rc3

iscbindMatch9.9.0rc4

iscbindMatch9.9.1

iscbindMatch9.9.1p1

iscbindMatch9.9.1p2

iscbindMatch9.9.2

iscbindMatch9.9.3

iscbindMatch9.9.3b1

iscbindMatch9.9.3b2

iscbindMatch9.9.3p1

iscbindMatch9.9.3rc1

iscbindMatch9.9.3rc2

Node

freebsdfreebsdMatch8.0

freebsdfreebsdMatch8.1

freebsdfreebsdMatch8.2

freebsdfreebsdMatch8.3

freebsdfreebsdMatch8.4

freebsdfreebsdMatch9.0

freebsdfreebsdMatch9.1

freebsdfreebsdMatch9.1p4

freebsdfreebsdMatch9.1p5

freebsdfreebsdMatch9.2prerelease

freebsdfreebsdMatch9.2rc1

freebsdfreebsdMatch9.2rc2

Node

mandrivabusiness_serverMatch1.0

mandrivaenterprise_serverMatch5.0

Node

redhatenterprise_linuxMatch5

redhatenterprise_linuxMatch6.0

Node

iscbindMatch9.8.0

iscbindMatch9.8.0a1

iscbindMatch9.8.0b1

iscbindMatch9.8.0p1

iscbindMatch9.8.0p2

iscbindMatch9.8.0p4

iscbindMatch9.8.0rc1

iscbindMatch9.8.1

iscbindMatch9.8.1b1

iscbindMatch9.8.1b2

iscbindMatch9.8.1b3

iscbindMatch9.8.1p1

iscbindMatch9.8.1rc1

iscbindMatch9.8.2b1

iscbindMatch9.8.2rc1

iscbindMatch9.8.2rc2

iscbindMatch9.8.3

iscbindMatch9.8.3p1

iscbindMatch9.8.3p2

iscbindMatch9.8.4

iscbindMatch9.8.5

iscbindMatch9.8.5b1

iscbindMatch9.8.5b2

iscbindMatch9.8.5p1

iscbindMatch9.8.5rc1

iscbindMatch9.8.5rc2

iscbindMatch9.8.6b1

Node

fedoraprojectfedoraMatch18

fedoraprojectfedoraMatch19

Node

hphp-uxMatchb.11.31

Node

slackwareslackware_linuxMatch12.1

slackwareslackware_linuxMatch12.2

slackwareslackware_linuxMatch13.0

slackwareslackware_linuxMatch13.1

slackwareslackware_linuxMatch13.37

References

archives.neohapsis.com/archives/bugtraq/2013-08/0030.html

archives.neohapsis.com/archives/bugtraq/2014-10/0103.html

linux.oracle.com/errata/ELSA-2014-1244

lists.fedoraproject.org/pipermail/package-announce/2013-August/113108.html

lists.fedoraproject.org/pipermail/package-announce/2013-August/113251.html

lists.opensuse.org/opensuse-security-announce/2013-08/msg00004.html

lists.opensuse.org/opensuse-security-announce/2013-08/msg00018.html

rhn.redhat.com/errata/RHSA-2013-1114.html

rhn.redhat.com/errata/RHSA-2013-1115.html

secunia.com/advisories/54134

secunia.com/advisories/54185

secunia.com/advisories/54207

secunia.com/advisories/54211

secunia.com/advisories/54323

secunia.com/advisories/54432

www.debian.org/security/2013/dsa-2728

www.freebsd.org/security/advisories/FreeBSD-SA-13:07.bind.asc

www.mandriva.com/security/advisories?name=MDVSA-2013:202

www.securityfocus.com/bid/61479

www.securitytracker.com/id/1028838

www.ubuntu.com/usn/USN-1910-1

www.zerodayinitiative.com/advisories/ZDI-13-210/

exchange.xforce.ibmcloud.com/vulnerabilities/86004

h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396

kb.isc.org/article/AA-01015

kb.isc.org/article/AA-01016

kc.mcafee.com/corporate/index?page=content&id=SB10052

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19561

support.apple.com/kb/HT6536

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

8.1 High

AI Score

Confidence

High

0.953 High

EPSS

Percentile

99.4%

JSON

CVE-2013-4854

Affected configurations

References

Related