ID CVE-2013-4854
Summary The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
References
Vulnerable Configurations
  • ISC BIND 9.7.0
    cpe:2.3:a:isc:bind:9.7.0
  • ISC BIND 9.7.0 Beta 1
    cpe:2.3:a:isc:bind:9.7.0:b1
  • ISC BIND 9.7.0 p1
    cpe:2.3:a:isc:bind:9.7.0:p1
  • ISC BIND 9.7.0 p2
    cpe:2.3:a:isc:bind:9.7.0:p2
  • ISC BIND 9.7.0 Release Candidate 1
    cpe:2.3:a:isc:bind:9.7.0:rc1
  • ISC BIND 9.7.0 Release Candidate 2
    cpe:2.3:a:isc:bind:9.7.0:rc2
  • ISC BIND 9.7.1
    cpe:2.3:a:isc:bind:9.7.1
  • ISC BIND 9.7.1 p1
    cpe:2.3:a:isc:bind:9.7.1:p1
  • ISC BIND 9.7.1 p2
    cpe:2.3:a:isc:bind:9.7.1:p2
  • ISC BIND 9.7.1 Release Candidate 1
    cpe:2.3:a:isc:bind:9.7.1:rc1
  • ISC BIND 9.7.2
    cpe:2.3:a:isc:bind:9.7.2
  • ISC BIND 9.7.2 P1
    cpe:2.3:a:isc:bind:9.7.2:p1
  • ISC BIND 9.7.2 P2
    cpe:2.3:a:isc:bind:9.7.2:p2
  • ISC BIND 9.7.2 P3
    cpe:2.3:a:isc:bind:9.7.2:p3
  • ISC BIND 9.7.2 Release Candidate 1
    cpe:2.3:a:isc:bind:9.7.2:rc1
  • ISC BIND 9.7.3
    cpe:2.3:a:isc:bind:9.7.3
  • ISC BIND 9.7.3 B1
    cpe:2.3:a:isc:bind:9.7.3:b1
  • ISC BIND 9.7.3 P1
    cpe:2.3:a:isc:bind:9.7.3:p1
  • ISC BIND 9.7.3 Release Candidate 1
    cpe:2.3:a:isc:bind:9.7.3:rc1
  • ISC BIND 9.7.4
    cpe:2.3:a:isc:bind:9.7.4
  • ISC BIND 9.7.4 B1
    cpe:2.3:a:isc:bind:9.7.4:b1
  • ISC BIND 9.7.4P1
    cpe:2.3:a:isc:bind:9.7.4:p1
  • ISC BIND 9.7.4 Release Candidate 1
    cpe:2.3:a:isc:bind:9.7.4:rc1
  • ISC BIND 9.7.5
    cpe:2.3:a:isc:bind:9.7.5
  • ISC BIND 9.7.5 B1
    cpe:2.3:a:isc:bind:9.7.5:b1
  • ISC BIND 9.7.5 Release Candidate 1
    cpe:2.3:a:isc:bind:9.7.5:rc1
  • ISC BIND 9.7.5 Release Candidate 2
    cpe:2.3:a:isc:bind:9.7.5:rc2
  • ISC BIND 9.7.6
    cpe:2.3:a:isc:bind:9.7.6
  • ISC BIND 9.7.6-p1
    cpe:2.3:a:isc:bind:9.7.6:p1
  • ISC BIND 9.7.6-p2
    cpe:2.3:a:isc:bind:9.7.6:p2
  • ISC BIND 9.7.7
    cpe:2.3:a:isc:bind:9.7.7
  • SUSE Linux Enterprise Software Development Kit 11.0 Service Pack 2
    cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:11.0:sp2
  • SUSE Linux Enterprise Software Development Kit 11.0 Service Pack 3
    cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:11.0:sp3
  • Novell SUSE Linux Enterprise Desktop 11
    cpe:2.3:o:novell:suse_linux:11:-:desktop
  • Novell SUSE Linux Enterprise Server 11
    cpe:2.3:o:novell:suse_linux:11:-:server
  • ISC DNSco BIND 9.9.3-S1
    cpe:2.3:a:isc:dnsco_bind:9.9.3:s1
  • ISC DNSco BIND 9.9.4S1b1
    cpe:2.3:a:isc:dnsco_bind:9.9.4:s1b1
  • OpenSUSE 11.4
    cpe:2.3:o:opensuse:opensuse:11.4
  • ISC BIND 9.9.0
    cpe:2.3:a:isc:bind:9.9.0
  • ISC BIND 9.9.0a1
    cpe:2.3:a:isc:bind:9.9.0:a1
  • ISC BIND 9.9.0a2
    cpe:2.3:a:isc:bind:9.9.0:a2
  • ISC BIND 9.9.0a3
    cpe:2.3:a:isc:bind:9.9.0:a3
  • ISC BIND 9.9.0b1
    cpe:2.3:a:isc:bind:9.9.0:b1
  • ISC BIND 9.9.0b2
    cpe:2.3:a:isc:bind:9.9.0:b2
  • ISC BIND 9.9.0 release candidate 1
    cpe:2.3:a:isc:bind:9.9.0:rc1
  • ISC BIND 9.9.0 release candidate 2
    cpe:2.3:a:isc:bind:9.9.0:rc2
  • ISC BIND 9.9.0 release candidate 3
    cpe:2.3:a:isc:bind:9.9.0:rc3
  • ISC BIND 9.9.0 release candidate 4
    cpe:2.3:a:isc:bind:9.9.0:rc4
  • ISC BIND 9.9.1
    cpe:2.3:a:isc:bind:9.9.1
  • ISC BIND 9.9.1-p1
    cpe:2.3:a:isc:bind:9.9.1:p1
  • ISC BIND 9.9.1-p2
    cpe:2.3:a:isc:bind:9.9.1:p2
  • ISC BIND 9.9.2
    cpe:2.3:a:isc:bind:9.9.2
  • ISC BIND 9.9.3
    cpe:2.3:a:isc:bind:9.9.3
  • ISC BIND 9.9.3 b1
    cpe:2.3:a:isc:bind:9.9.3:b1
  • ISC BIND 9.9.3 b2
    cpe:2.3:a:isc:bind:9.9.3:b2
  • ISC BIND 9.9.3p1
    cpe:2.3:a:isc:bind:9.9.3:p1
  • ISC BIND 9.9.3 release candidate 1
    cpe:2.3:a:isc:bind:9.9.3:rc1
  • ISC BIND 9.9.3 release candidate 2
    cpe:2.3:a:isc:bind:9.9.3:rc2
  • FreeBSD 8.0
    cpe:2.3:o:freebsd:freebsd:8.0
  • FreeBSD 8.1
    cpe:2.3:o:freebsd:freebsd:8.1
  • FreeBSD 8.2
    cpe:2.3:o:freebsd:freebsd:8.2
  • FreeBSD 8.3
    cpe:2.3:o:freebsd:freebsd:8.3
  • FreeBSD 8.4
    cpe:2.3:o:freebsd:freebsd:8.4
  • FreeBSD 9.0
    cpe:2.3:o:freebsd:freebsd:9.0
  • FreeBSD 9.1
    cpe:2.3:o:freebsd:freebsd:9.1
  • FreeBSD 9.1 Patch 4
    cpe:2.3:o:freebsd:freebsd:9.1:p4
  • FreeBSD 9.1 Patch 5
    cpe:2.3:o:freebsd:freebsd:9.1:p5
  • FreeBSD FreeBSD 9.2 PreRelease
    cpe:2.3:o:freebsd:freebsd:9.2:prerelease
  • FreeBSD FreeBSD 9.2 release candidate 1
    cpe:2.3:o:freebsd:freebsd:9.2:rc1
  • FreeBSD FreeBSD 9.2 release candidate 2
    cpe:2.3:o:freebsd:freebsd:9.2:rc2
  • Mandriva Business Server 1.0
    cpe:2.3:o:mandriva:business_server:1.0
  • Mandriva Enterprise Server 5.0
    cpe:2.3:o:mandriva:enterprise_server:5.0
  • Red Hat Enterprise Linux 5
    cpe:2.3:o:redhat:enterprise_linux:5
  • Red Hat Enterprise Linux 6.0
    cpe:2.3:o:redhat:enterprise_linux:6.0
  • ISC BIND 9.8.0
    cpe:2.3:a:isc:bind:9.8.0
  • ISC BIND 9.8.0 A1
    cpe:2.3:a:isc:bind:9.8.0:a1
  • ISC BIND 9.8.0 B1
    cpe:2.3:a:isc:bind:9.8.0:b1
  • ISC BIND 9.8.0 P1
    cpe:2.3:a:isc:bind:9.8.0:p1
  • ISC BIND 9.8.0 P2
    cpe:2.3:a:isc:bind:9.8.0:p2
  • ISC BIND 9.8.0-P4
    cpe:2.3:a:isc:bind:9.8.0:p4
  • ISC BIND 9.8.0 Release Candidate 1
    cpe:2.3:a:isc:bind:9.8.0:rc1
  • ISC BIND 9.8.1
    cpe:2.3:a:isc:bind:9.8.1
  • ISC BIND 9.8.1 B1
    cpe:2.3:a:isc:bind:9.8.1:b1
  • ISC BIND 9.8.1 B2
    cpe:2.3:a:isc:bind:9.8.1:b2
  • ISC BIND 9.8.1 B3
    cpe:2.3:a:isc:bind:9.8.1:b3
  • ISC BIND 9.8.1-P1
    cpe:2.3:a:isc:bind:9.8.1:p1
  • ISC BIND 9.8.1 Release Candidate 1
    cpe:2.3:a:isc:bind:9.8.1:rc1
  • ISC BIND 9.8.2 B1
    cpe:2.3:a:isc:bind:9.8.2:b1
  • ISC BIND 9.8.2 Release Candidate 1
    cpe:2.3:a:isc:bind:9.8.2:rc1
  • ISC BIND 9.8.2 Release Candidate 2
    cpe:2.3:a:isc:bind:9.8.2:rc2
  • ISC BIND 9.8.3
    cpe:2.3:a:isc:bind:9.8.3
  • ISC BIND 9.8.3-p1
    cpe:2.3:a:isc:bind:9.8.3:p1
  • ISC BIND 9.8.3-p2
    cpe:2.3:a:isc:bind:9.8.3:p2
  • ISC BIND 9.8.4
    cpe:2.3:a:isc:bind:9.8.4
  • ISC BIND 9.8.5
    cpe:2.3:a:isc:bind:9.8.5
  • ISC BIND 9.8.5 b1
    cpe:2.3:a:isc:bind:9.8.5:b1
  • ISC BIND 9.8.5 b2
    cpe:2.3:a:isc:bind:9.8.5:b2
  • ISC BIND 9.8.5 P1
    cpe:2.3:a:isc:bind:9.8.5:p1
  • ISC BIND 9.8.5 release candidate 1
    cpe:2.3:a:isc:bind:9.8.5:rc1
  • ISC BIND 9.8.5 release candidate 2
    cpe:2.3:a:isc:bind:9.8.5:rc2
  • ISC BIND 9.8.6b1
    cpe:2.3:a:isc:bind:9.8.6:b1
  • Fedora 18
    cpe:2.3:o:fedoraproject:fedora:18
  • Fedora 19
    cpe:2.3:o:fedoraproject:fedora:19
  • HP-UX B.11.31
    cpe:2.3:o:hp:hp-ux:b.11.31
  • Slackware Linux 12.1
    cpe:2.3:o:slackware:slackware_linux:12.1
  • Slackware Linux 12.2
    cpe:2.3:o:slackware:slackware_linux:12.2
  • Slackware Linux 13.0
    cpe:2.3:o:slackware:slackware_linux:13.0
  • Slackware Linux 13.1
    cpe:2.3:o:slackware:slackware_linux:13.1
  • Slackware Linux 13.37
    cpe:2.3:o:slackware:slackware_linux:13.37
CVSS
Base: 7.8 (as of 14-01-2015 - 11:29)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-13831.NASL
    description - update to 9.9.3-P2 (fix for CVE-2013-4854) - update RRL patch to 9.9.3-P2-rl.13207.22 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 69210
    published 2013-08-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69210
    title Fedora 18 : bind-9.9.3-4.P2.fc18 (2013-13831)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2728.NASL
    description Maxim Shudrak and the HP Zero Day Initiative reported a denial of service vulnerability in BIND, a DNS server. A specially crafted query that includes malformed rdata can cause named daemon to terminate with an assertion failure while rejecting the malformed query.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 69094
    published 2013-07-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69094
    title Debian DSA-2728-1 : bind9 - denial of service
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SERVER_4_0.NASL
    description The remote Mac OS X host has a version of OS X Server installed that is prior to version 4.0. It is, therefore, affected by the following vulnerabilities : - There are multiple vulnerabilities within the included BIND, the most serious of which can lead to a denial of service. (CVE-2013-3919, CVE-2013-4854, CVE-2014-0591) - There are multiple vulnerabilities within the included LibYAML for the Profile Manager and ServerRuby, the most serious of which can lead to arbitrary code execution. (CVE-2013-4164, CVE-2013-6393) - There are multiple vulnerabilities within the included PostgreSQL, the most serious of which can lead to arbitrary code execution. (CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066) - An error exists related to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A man-in-the-middle attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. This is also known as the 'POODLE' issue. (CVE-2014-3566) - A cross-site scripting flaw exists in the Xcode Server due to not properly validating input before returning it to the user. This can allow a remote attacker, using a specially crafted request, to execute code within the browser / server trust relationship. (CVE-2014-4406) - A SQL injection flaw exists in the Wiki Server due to not properly sanitizing user input before using it in SQL queries. This can allow a remote attacker, using a specially crafted request, to inject or manipulate SQL queries, thus allowing the manipulation or disclosure of arbitrary data. (CVE-2014-4424) - A restriction bypass flaw exists in the Mail Server due to SCAL changes being cached and not enforced until the service had restarted. This can allow an authenticated remote attacker to bypass those restrictions. (CVE-2014-4446) - A password disclosure flaw exists in the Profile Manager due to passwords being potentially saved to a file when editing or setting up a profile. This can allow a local attacker to gain access to password information. (CVE-2014-4447)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 78601
    published 2014-10-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78601
    title Mac OS X : OS X Server < 4.0 Multiple Vulnerabilities (POODLE)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201401-34.NASL
    description The remote host is affected by the vulnerability described in GLSA-201401-34 (BIND: Denial of Service) Multiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 72208
    published 2014-01-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72208
    title GLSA-201401-34 : BIND: Denial of Service
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2014-0084.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2014-8500 (#1171973) - Use /dev/urandom when generating rndc.key file (#951255) - Remove bogus file from /usr/share/doc, introduced by fix for bug #1092035 - Add support for TLSA resource records (#956685) - Increase defaults for lwresd workers and make workers and client objects number configurable (#1092035) - Fix segmentation fault in nsupdate when -r option is used (#1064045) - Fix race condition on send buffer in host tool when sending UDP query (#1008827) - Allow authentication using TSIG in allow-notify configuration statement (#1044545) - Fix SELinux context of /var/named/chroot/etc/localtime (#902431) - Include updated named.ca file with root server addresses (#917356) - Don't generate rndc.key if there is rndc.conf on start-up (#997743) - Fix dig man page regarding how to disable IDN (#1023045) - Handle ICMP Destination unreachable (Protocol unreachable) response (#1066876) - Configure BIND with --with-dlopen=yes to support dynamically loadable DLZ drivers (#846065) - Fix initscript to return correct exit value when calling checkconfig/configtest/check/test (#848033) - Don't (un)mount chroot filesystem when running initscript command configtest with running server (#851123) - Fix zone2sqlite tool to accept zones containing '.' or '-' or starting with a digit (#919414) - Fix initscript not to mount chroot filesystem is named is already running (#948743) - Fix initscript to check if the PID in PID-file is really s PID of running named server (#980632) - Correct the installed documentation ownership (#1051283) - configure with --enable-filter-aaaa to enable use of filter-aaaa-on-v4 option (#1025008) - Fix race condition when destroying a resolver fetch object (#993612) - Fix the RRL functionality to include referrals-per-second and nodata-per-second options (#1036700) - Fix segfault on SERVFAIL to NXDOMAIN failover (#919545) - Fix (CVE-2014-0591) - Fix gssapictx memory leak (#911167) - fix (CVE-2013-4854) - fix (CVE-2013-2266) - ship dns/rrl.h in -devel subpkg - remove one bogus file from /usr/share/doc, introduced by RRL patch - fix (CVE-2012-5689) - add response rate limit patch (#873624)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 80247
    published 2014-12-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80247
    title OracleVM 3.3 : bind (OVMSA-2014-0084)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1114.NASL
    description Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in BIND. A remote attacker could use this flaw to send a specially crafted DNS query to named that, when processed, would cause named to crash when rejecting the malformed query. (CVE-2013-4854) All bind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 69110
    published 2013-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69110
    title RHEL 6 : bind (RHSA-2013:1114)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_BIND-130805.NASL
    description A specially crafted query with malicious rdata could have caused a crash (DoS) in named.
    last seen 2019-02-21
    modified 2013-11-17
    plugin id 69259
    published 2013-08-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69259
    title SuSE 11.2 / 11.3 Security Update : bind (SAT Patch Numbers 8160 / 8161)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-654.NASL
    description The BIND nameserver was updated to 9.9.3P2 to fix a security issue where incorrect bounds checking on private type 'keydata' could lead to a remotely triggerable REQUIRE failure. (CVE-2013-4854, bnc#831899)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75123
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75123
    title openSUSE Security Update : bind (openSUSE-SU-2013:1353-1)
  • NASL family Firewalls
    NASL id MCAFEE_FIREWALL_ENTERPRISE_SB10052.NASL
    description The remote host has a version of McAfee Firewall Enterprise installed that is affected by a denial of service vulnerability due to a flaw in the packaged ISC BIND server. An attacker can exploit this by sending a specially crafted query with a malformed RDATA section.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 76118
    published 2014-06-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76118
    title McAfee Firewall Enterprise DoS (SB10052)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-13863.NASL
    description - update to 9.9.3-P2 (fix for CVE-2013-4854) - update RRL patch to 9.9.3-P2-rl.13207.22 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 69211
    published 2013-08-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69211
    title Fedora 19 : bind-9.9.3-5.P2.fc19 (2013-13863)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20130730_BIND_ON_SL6_X.NASL
    description A denial of service flaw was found in BIND. A remote attacker could use this flaw to send a specially crafted DNS query to named that, when processed, would cause named to crash when rejecting the malformed query. (CVE-2013-4854) After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 69165
    published 2013-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69165
    title Scientific Linux Security Update : bind on SL6.x i386/x86_64
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2017-0066.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2017-3136 (ISC change 4575) - Fix CVE-2017-3137 (ISC change 4578) - Fix and test caching CNAME before DNAME (ISC change 4558) - Fix CVE-2016-9147 (ISC change 4510) - Fix regression introduced by CVE-2016-8864 (ISC change 4530) - Restore SELinux contexts before named restart - Use /lib or /lib64 only if directory in chroot already exists - Tighten NSS library pattern, escape chroot mount path - Fix (CVE-2016-8864) - Do not change lib permissions in chroot (#1321239) - Support WKS records in chroot (#1297562) - Do not include patch backup in docs (fixes #1325081 patch) - Backported relevant parts of [RT #39567] (#1259923) - Increase ISC_SOCKET_MAXEVENTS to 2048 (#1326283) - Fix multiple realms in nsupdate script like upstream (#1313286) - Fix multiple realm in nsupdate script (#1313286) - Use resolver-query-timeout high enough to recover all forwarders (#1325081) - Fix (CVE-2016-2848) - Fix infinite loop in start_lookup (#1306504) - Fix (CVE-2016-2776)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 99569
    published 2017-04-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99569
    title OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1910-1.NASL
    description Maxim Shudrak discovered that Bind incorrectly handled certain malformed rdata. A remote attacker could use this flaw with a specially crafted query to cause Bind to stop responding, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 69119
    published 2013-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69119
    title Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : bind9 vulnerability (USN-1910-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-1115.NASL
    description From Red Hat Security Advisory 2013:1115 : Updated bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in BIND. A remote attacker could use this flaw to send a specially crafted DNS query to named that, when processed, would cause named to crash when rejecting the malformed query. (CVE-2013-4854) All bind97 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 69157
    published 2013-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69157
    title Oracle Linux 5 : bind97 (ELSA-2013-1115)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-1114.NASL
    description From Red Hat Security Advisory 2013:1114 : Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in BIND. A remote attacker could use this flaw to send a specially crafted DNS query to named that, when processed, would cause named to crash when rejecting the malformed query. (CVE-2013-4854) All bind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 69156
    published 2013-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69156
    title Oracle Linux 6 : bind (ELSA-2013-1114)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2013-218-01.NASL
    description New bind packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 69224
    published 2013-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69224
    title Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : bind (SSA:2013-218-01)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-1115.NASL
    description Updated bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in BIND. A remote attacker could use this flaw to send a specially crafted DNS query to named that, when processed, would cause named to crash when rejecting the malformed query. (CVE-2013-4854) All bind97 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 69141
    published 2013-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69141
    title CentOS 5 : bind97 (CESA-2013:1115)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL14613.NASL
    description The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial-of-service (DoS) through a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
    last seen 2019-02-21
    modified 2019-01-04
    plugin id 78154
    published 2014-10-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78154
    title F5 Networks BIG-IP : BIND vulnerability (SOL14613)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-1114.NASL
    description Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in BIND. A remote attacker could use this flaw to send a specially crafted DNS query to named that, when processed, would cause named to crash when rejecting the malformed query. (CVE-2013-4854) All bind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 69140
    published 2013-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69140
    title CentOS 6 : bind (CESA-2013:1114)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2013-214.NASL
    description A denial of service flaw was found in BIND. A remote attacker could use this flaw to send a specially crafted DNS query to named that, when processed, would cause named to crash when rejecting the malformed query. (CVE-2013-4854)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 70218
    published 2013-10-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70218
    title Amazon Linux AMI : bind (ALAS-2013-214)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_7943E521F64811E286073C970E169BC2.NASL
    description ISC reports : A specially crafted query that includes malformed rdata can cause named to terminate with an assertion failure while rejecting the malformed query.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 69088
    published 2013-07-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69088
    title FreeBSD : bind -- denial of service vulnerability (7943e521-f648-11e2-8607-3c970e169bc2)
  • NASL family DNS
    NASL id BIND9_993_P2.NASL
    description According to its self-reported version number, the remote installation of BIND can be forced to crash via specially crafted queries containing malformed 'rdata' contents. Note that Nessus has only relied on the version itself and has not attempted to determine whether or not the install is actually affected. Further note that this vulnerability is being actively exploited at the time of this writing.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 69106
    published 2013-07-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69106
    title ISC BIND 9 RDATA Section Handling DoS
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1115.NASL
    description Updated bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in BIND. A remote attacker could use this flaw to send a specially crafted DNS query to named that, when processed, would cause named to crash when rejecting the malformed query. (CVE-2013-4854) All bind97 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 69111
    published 2013-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69111
    title RHEL 5 : bind97 (RHSA-2013:1115)
  • NASL family Misc.
    NASL id MCAFEE_WEB_GATEWAY_SB10052.NASL
    description The remote host has a version of McAfee Web Gateway (MWG) prior to 7.3.2.2. It is, therefore, affected by a denial of service vulnerability due to a flaw in the packaged ISC BIND server. An attacker can exploit this vulnerability by sending a specially crafted query with a malformed RDATA section.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 76120
    published 2014-06-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76120
    title McAfee Web Gateway < 7.3.2.2 DoS (SB10052)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2013-202.NASL
    description A vulnerability has been discovered and corrected in bind : The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (daemon crash) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013 (CVE-2013-4854). The updated packages for Enterprise Server 5 have been patched to correct this issue. The updated packages for Business Server 1 have been upgraded to the 9.9.3-P2 version which is not vulnerable to this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 69097
    published 2013-07-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69097
    title Mandriva Linux Security Advisory : bind (MDVSA-2013:202)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20130730_BIND97_ON_SL5_X.NASL
    description A denial of service flaw was found in BIND. A remote attacker could use this flaw to send a specially crafted DNS query to named that, when processed, would cause named to crash when rejecting the malformed query. (CVE-2013-4854) After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 69164
    published 2013-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69164
    title Scientific Linux Security Update : bind97 on SL5.x i386/x86_64
oval via4
accepted 2015-04-20T04:01:29.911-04:00
class vulnerability
contributors
  • name Ganesh Manal
    organization Hewlett-Packard
  • name Prashant Kumar
    organization Hewlett-Packard
  • name Mike Cokus
    organization The MITRE Corporation
description The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
family unix
id oval:org.mitre.oval:def:19561
status accepted
submitted 2013-11-22T11:43:28.000-05:00
title HP-UX Running BIND, Remote Denial of Service (DoS)
version 41
redhat via4
advisories
  • bugzilla
    id 988999
    title CVE-2013-4854 bind: named crash with an assertion failure on parsing malformed rdata
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment bind is earlier than 32:9.8.2-0.17.rc1.el6_4.5
          oval oval:com.redhat.rhsa:tst:20131114005
        • comment bind is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100975006
      • AND
        • comment bind-chroot is earlier than 32:9.8.2-0.17.rc1.el6_4.5
          oval oval:com.redhat.rhsa:tst:20131114009
        • comment bind-chroot is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100975012
      • AND
        • comment bind-devel is earlier than 32:9.8.2-0.17.rc1.el6_4.5
          oval oval:com.redhat.rhsa:tst:20131114015
        • comment bind-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100975010
      • AND
        • comment bind-libs is earlier than 32:9.8.2-0.17.rc1.el6_4.5
          oval oval:com.redhat.rhsa:tst:20131114007
        • comment bind-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100975016
      • AND
        • comment bind-sdb is earlier than 32:9.8.2-0.17.rc1.el6_4.5
          oval oval:com.redhat.rhsa:tst:20131114011
        • comment bind-sdb is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100975014
      • AND
        • comment bind-utils is earlier than 32:9.8.2-0.17.rc1.el6_4.5
          oval oval:com.redhat.rhsa:tst:20131114013
        • comment bind-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100975008
    rhsa
    id RHSA-2013:1114
    released 2013-07-30
    severity Important
    title RHSA-2013:1114: bind security update (Important)
  • bugzilla
    id 988999
    title CVE-2013-4854 bind: named crash with an assertion failure on parsing malformed rdata
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment bind97 is earlier than 32:9.7.0-17.P2.el5_9.2
          oval oval:com.redhat.rhsa:tst:20131115002
        • comment bind97 is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110845003
      • AND
        • comment bind97-chroot is earlier than 32:9.7.0-17.P2.el5_9.2
          oval oval:com.redhat.rhsa:tst:20131115010
        • comment bind97-chroot is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110845005
      • AND
        • comment bind97-devel is earlier than 32:9.7.0-17.P2.el5_9.2
          oval oval:com.redhat.rhsa:tst:20131115004
        • comment bind97-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110845007
      • AND
        • comment bind97-libs is earlier than 32:9.7.0-17.P2.el5_9.2
          oval oval:com.redhat.rhsa:tst:20131115008
        • comment bind97-libs is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110845009
      • AND
        • comment bind97-utils is earlier than 32:9.7.0-17.P2.el5_9.2
          oval oval:com.redhat.rhsa:tst:20131115006
        • comment bind97-utils is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110845011
    rhsa
    id RHSA-2013:1115
    released 2013-07-30
    severity Important
    title RHSA-2013:1115: bind97 security update (Important)
rpms
  • bind-32:9.8.2-0.17.rc1.el6_4.5
  • bind-chroot-32:9.8.2-0.17.rc1.el6_4.5
  • bind-devel-32:9.8.2-0.17.rc1.el6_4.5
  • bind-libs-32:9.8.2-0.17.rc1.el6_4.5
  • bind-sdb-32:9.8.2-0.17.rc1.el6_4.5
  • bind-utils-32:9.8.2-0.17.rc1.el6_4.5
  • bind97-32:9.7.0-17.P2.el5_9.2
  • bind97-chroot-32:9.7.0-17.P2.el5_9.2
  • bind97-devel-32:9.7.0-17.P2.el5_9.2
  • bind97-libs-32:9.7.0-17.P2.el5_9.2
  • bind97-utils-32:9.7.0-17.P2.el5_9.2
refmap via4
apple APPLE-SA-2014-10-16-3
bid 61479
bugtraq 20130806 [slackware-security] bind (SSA:2013-218-01)
confirm
debian DSA-2728
fedora
  • FEDORA-2013-13831
  • FEDORA-2013-13863
freebsd FreeBSD-SA-13:07
hp
  • HPSBUX02926
  • SSRT101281
mandriva MDVSA-2013:202
misc
sectrack 1028838
secunia
  • 54134
  • 54185
  • 54207
  • 54211
  • 54323
  • 54432
suse
  • SUSE-SU-2013:1310
  • openSUSE-SU-2013:1354
ubuntu USN-1910-1
xf isc-bind-cve20134854-dos(86004)
Last major update 06-01-2017 - 21:59
Published 29-07-2013 - 09:59
Last modified 22-04-2019 - 13:48
Back to Top