CVE-2013-4854

First published: Fri Jul 26 2013(Updated: )

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
ISC BIND	=9.7.0
ISC BIND	=9.7.0-b1
ISC BIND	=9.7.0-p1
ISC BIND	=9.7.0-p2
ISC BIND	=9.7.0-rc1
ISC BIND	=9.7.0-rc2
ISC BIND	=9.7.1
ISC BIND	=9.7.1-p1
ISC BIND	=9.7.1-p2
ISC BIND	=9.7.1-rc1
ISC BIND	=9.7.2
ISC BIND	=9.7.2-p1
ISC BIND	=9.7.2-p2
ISC BIND	=9.7.2-p3
ISC BIND	=9.7.2-rc1
ISC BIND	=9.7.3
ISC BIND	=9.7.3-b1
ISC BIND	=9.7.3-p1
ISC BIND	=9.7.3-rc1
ISC BIND	=9.7.4
ISC BIND	=9.7.4-b1
ISC BIND	=9.7.4-p1
ISC BIND	=9.7.4-rc1
ISC BIND	=9.7.5
ISC BIND	=9.7.5-b1
ISC BIND	=9.7.5-rc1
ISC BIND	=9.7.5-rc2
ISC BIND	=9.7.6
ISC BIND	=9.7.6-p1
ISC BIND	=9.7.6-p2
ISC BIND	=9.7.7
Suse Suse Linux Enterprise Software Development Kit	=11.0-sp2
Suse Suse Linux Enterprise Software Development Kit	=11.0-sp3
Novell Suse Linux	=11
Novell Suse Linux	=11
Isc Dnsco Bind	=9.9.3-s1
Isc Dnsco Bind	=9.9.4-s1b1
openSUSE openSUSE	=11.4
ISC BIND	=9.9.0
ISC BIND	=9.9.0-a1
ISC BIND	=9.9.0-a2
ISC BIND	=9.9.0-a3
ISC BIND	=9.9.0-b1
ISC BIND	=9.9.0-b2
ISC BIND	=9.9.0-rc1
ISC BIND	=9.9.0-rc2
ISC BIND	=9.9.0-rc3
ISC BIND	=9.9.0-rc4
ISC BIND	=9.9.1
ISC BIND	=9.9.1-p1
ISC BIND	=9.9.1-p2
ISC BIND	=9.9.2
ISC BIND	=9.9.3
ISC BIND	=9.9.3-b1
ISC BIND	=9.9.3-b2
ISC BIND	=9.9.3-p1
ISC BIND	=9.9.3-rc1
ISC BIND	=9.9.3-rc2
FreeBSD FreeBSD	=8.0
FreeBSD FreeBSD	=8.1
FreeBSD FreeBSD	=8.2
FreeBSD FreeBSD	=8.3
FreeBSD FreeBSD	=8.4
FreeBSD FreeBSD	=9.0
FreeBSD FreeBSD	=9.1
FreeBSD FreeBSD	=9.1-p4
FreeBSD FreeBSD	=9.1-p5
FreeBSD FreeBSD	=9.2-prerelease
FreeBSD FreeBSD	=9.2-rc1
FreeBSD FreeBSD	=9.2-rc2
Mandriva Business Server	=1.0
Mandriva Enterprise Server	=5.0
Redhat Enterprise Linux	=5
Redhat Enterprise Linux	=6.0
ISC BIND	=9.8.0
ISC BIND	=9.8.0-a1
ISC BIND	=9.8.0-b1
ISC BIND	=9.8.0-p1
ISC BIND	=9.8.0-p2
ISC BIND	=9.8.0-p4
ISC BIND	=9.8.0-rc1
ISC BIND	=9.8.1
ISC BIND	=9.8.1-b1
ISC BIND	=9.8.1-b2
ISC BIND	=9.8.1-b3
ISC BIND	=9.8.1-p1
ISC BIND	=9.8.1-rc1
ISC BIND	=9.8.2-b1
ISC BIND	=9.8.2-rc1
ISC BIND	=9.8.2-rc2
ISC BIND	=9.8.3
ISC BIND	=9.8.3-p1
ISC BIND	=9.8.3-p2
ISC BIND	=9.8.4
ISC BIND	=9.8.5
ISC BIND	=9.8.5-b1
ISC BIND	=9.8.5-b2
ISC BIND	=9.8.5-p1
ISC BIND	=9.8.5-rc1
ISC BIND	=9.8.5-rc2
ISC BIND	=9.8.6-b1
Fedoraproject Fedora	=18
Fedoraproject Fedora	=19
HP HP-UX	=b.11.31
Slackware Slackware Linux	=12.1
Slackware Slackware Linux	=12.2
Slackware Slackware Linux	=13.0
Slackware Slackware Linux	=13.1
Slackware Slackware Linux	=13.37

Never miss a vulnerability like this again

Reference Links

agent/type
agent/last-modified-date
agent/first-publish-date
agent/references
agent/author
agent/severity
agent/description
agent/event
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
collector/mitre-cve
source/MITRE
vendor/isc
canonical/isc bind
version/isc bind/9.7.0
version/isc bind/9.7.0-b1
version/isc bind/9.7.0-p1
version/isc bind/9.7.0-p2
version/isc bind/9.7.0-rc1
version/isc bind/9.7.0-rc2
version/isc bind/9.7.1
version/isc bind/9.7.1-p1
version/isc bind/9.7.1-p2
version/isc bind/9.7.1-rc1
version/isc bind/9.7.2
version/isc bind/9.7.2-p1
version/isc bind/9.7.2-p2
version/isc bind/9.7.2-p3
version/isc bind/9.7.2-rc1
version/isc bind/9.7.3
version/isc bind/9.7.3-b1
version/isc bind/9.7.3-p1
version/isc bind/9.7.3-rc1
version/isc bind/9.7.4
version/isc bind/9.7.4-b1
version/isc bind/9.7.4-p1
version/isc bind/9.7.4-rc1
version/isc bind/9.7.5
version/isc bind/9.7.5-b1
version/isc bind/9.7.5-rc1
version/isc bind/9.7.5-rc2
version/isc bind/9.7.6
version/isc bind/9.7.6-p1
version/isc bind/9.7.6-p2
version/isc bind/9.7.7
vendor/suse
canonical/suse suse linux enterprise software development kit
version/suse suse linux enterprise software development kit/11.0-sp2
version/suse suse linux enterprise software development kit/11.0-sp3
vendor/novell
canonical/novell suse linux
version/novell suse linux/11
canonical/isc dnsco bind
version/isc dnsco bind/9.9.3-s1
version/isc dnsco bind/9.9.4-s1b1
vendor/opensuse
canonical/opensuse opensuse
version/opensuse opensuse/11.4
version/isc bind/9.9.0
version/isc bind/9.9.0-a1
version/isc bind/9.9.0-a2
version/isc bind/9.9.0-a3
version/isc bind/9.9.0-b1
version/isc bind/9.9.0-b2
version/isc bind/9.9.0-rc1
version/isc bind/9.9.0-rc2
version/isc bind/9.9.0-rc3
version/isc bind/9.9.0-rc4
version/isc bind/9.9.1
version/isc bind/9.9.1-p1
version/isc bind/9.9.1-p2
version/isc bind/9.9.2
version/isc bind/9.9.3
version/isc bind/9.9.3-b1
version/isc bind/9.9.3-b2
version/isc bind/9.9.3-p1
version/isc bind/9.9.3-rc1
version/isc bind/9.9.3-rc2
vendor/freebsd
canonical/freebsd freebsd
version/freebsd freebsd/8.0
version/freebsd freebsd/8.1
version/freebsd freebsd/8.2
version/freebsd freebsd/8.3
version/freebsd freebsd/8.4
version/freebsd freebsd/9.0
version/freebsd freebsd/9.1
version/freebsd freebsd/9.1-p4
version/freebsd freebsd/9.1-p5
version/freebsd freebsd/9.2-prerelease
version/freebsd freebsd/9.2-rc1
version/freebsd freebsd/9.2-rc2
vendor/mandriva
canonical/mandriva business server
version/mandriva business server/1.0
canonical/mandriva enterprise server
version/mandriva enterprise server/5.0
vendor/redhat
canonical/redhat enterprise linux
version/redhat enterprise linux/5
version/redhat enterprise linux/6.0
version/isc bind/9.8.0
version/isc bind/9.8.0-a1
version/isc bind/9.8.0-b1
version/isc bind/9.8.0-p1
version/isc bind/9.8.0-p2
version/isc bind/9.8.0-p4
version/isc bind/9.8.0-rc1
version/isc bind/9.8.1
version/isc bind/9.8.1-b1
version/isc bind/9.8.1-b2
version/isc bind/9.8.1-b3
version/isc bind/9.8.1-p1
version/isc bind/9.8.1-rc1
version/isc bind/9.8.2-b1
version/isc bind/9.8.2-rc1
version/isc bind/9.8.2-rc2
version/isc bind/9.8.3
version/isc bind/9.8.3-p1
version/isc bind/9.8.3-p2
version/isc bind/9.8.4
version/isc bind/9.8.5
version/isc bind/9.8.5-b1
version/isc bind/9.8.5-b2
version/isc bind/9.8.5-p1
version/isc bind/9.8.5-rc1
version/isc bind/9.8.5-rc2
version/isc bind/9.8.6-b1
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/18
version/fedoraproject fedora/19
vendor/hp
canonical/hp hp-ux
version/hp hp-ux/b.11.31
vendor/slackware
canonical/slackware slackware linux
version/slackware slackware linux/12.1
version/slackware slackware linux/12.2
version/slackware slackware linux/13.0
version/slackware slackware linux/13.1
version/slackware slackware linux/13.37

CVE-2013-4854

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact