7.8

CVE-2013-4854

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IscBind Version9.7.0
IscBind Version9.7.0 Updateb1
IscBind Version9.7.0 Updatep1
IscBind Version9.7.0 Updatep2
IscBind Version9.7.0 Updaterc1
IscBind Version9.7.0 Updaterc2
IscBind Version9.7.1
IscBind Version9.7.1 Updatep1
IscBind Version9.7.1 Updatep2
IscBind Version9.7.1 Updaterc1
IscBind Version9.7.2
IscBind Version9.7.2 Updatep1
IscBind Version9.7.2 Updatep2
IscBind Version9.7.2 Updatep3
IscBind Version9.7.2 Updaterc1
IscBind Version9.7.3
IscBind Version9.7.3 Updateb1
IscBind Version9.7.3 Updatep1
IscBind Version9.7.3 Updaterc1
IscBind Version9.7.4
IscBind Version9.7.4 Updateb1
IscBind Version9.7.4 Updatep1
IscBind Version9.7.4 Updaterc1
IscBind Version9.7.5
IscBind Version9.7.5 Updateb1
IscBind Version9.7.5 Updaterc1
IscBind Version9.7.5 Updaterc2
IscBind Version9.7.6
IscBind Version9.7.6 Updatep1
IscBind Version9.7.6 Updatep2
IscBind Version9.7.7
NovellSuse Linux Version11 Editionserver
   NovellSuse Linux Version11 Editionserver
IscDnsco Bind Version9.9.3 Updates1
IscDnsco Bind Version9.9.4 Updates1b1
OpensuseOpensuse Version11.4
IscBind Version9.9.0
IscBind Version9.9.0 Updatea1
IscBind Version9.9.0 Updatea2
IscBind Version9.9.0 Updatea3
IscBind Version9.9.0 Updateb1
IscBind Version9.9.0 Updateb2
IscBind Version9.9.0 Updaterc1
IscBind Version9.9.0 Updaterc2
IscBind Version9.9.0 Updaterc3
IscBind Version9.9.0 Updaterc4
IscBind Version9.9.1
IscBind Version9.9.1 Updatep1
IscBind Version9.9.1 Updatep2
IscBind Version9.9.2
IscBind Version9.9.3
IscBind Version9.9.3 Updateb1
IscBind Version9.9.3 Updateb2
IscBind Version9.9.3 Updatep1
IscBind Version9.9.3 Updaterc1
IscBind Version9.9.3 Updaterc2
FreebsdFreebsd Version8.0
FreebsdFreebsd Version8.1
FreebsdFreebsd Version8.2
FreebsdFreebsd Version8.3
FreebsdFreebsd Version8.4
FreebsdFreebsd Version9.0
FreebsdFreebsd Version9.1
FreebsdFreebsd Version9.1 Updatep4
FreebsdFreebsd Version9.1 Updatep5
FreebsdFreebsd Version9.2 Updateprerelease
FreebsdFreebsd Version9.2 Updaterc1
FreebsdFreebsd Version9.2 Updaterc2
MandrivaBusiness Server Version1.0
MandrivaEnterprise Server Version5.0
RedhatEnterprise Linux Version5
RedhatEnterprise Linux Version6.0
IscBind Version9.8.0
IscBind Version9.8.0 Updatea1
IscBind Version9.8.0 Updateb1
IscBind Version9.8.0 Updatep1
IscBind Version9.8.0 Updatep2
IscBind Version9.8.0 Updatep4
IscBind Version9.8.0 Updaterc1
IscBind Version9.8.1
IscBind Version9.8.1 Updateb1
IscBind Version9.8.1 Updateb2
IscBind Version9.8.1 Updateb3
IscBind Version9.8.1 Updatep1
IscBind Version9.8.1 Updaterc1
IscBind Version9.8.2 Updateb1
IscBind Version9.8.2 Updaterc1
IscBind Version9.8.2 Updaterc2
IscBind Version9.8.3
IscBind Version9.8.3 Updatep1
IscBind Version9.8.3 Updatep2
IscBind Version9.8.4
IscBind Version9.8.5
IscBind Version9.8.5 Updateb1
IscBind Version9.8.5 Updateb2
IscBind Version9.8.5 Updatep1
IscBind Version9.8.5 Updaterc1
IscBind Version9.8.5 Updaterc2
IscBind Version9.8.6 Updateb1
FedoraprojectFedora Version18
FedoraprojectFedora Version19
HpHp-ux Versionb.11.31
SlackwareSlackware Linux Version12.1
SlackwareSlackware Linux Version12.2
SlackwareSlackware Linux Version13.0
SlackwareSlackware Linux Version13.1
SlackwareSlackware Linux Version13.37
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 34.15% 0.982
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://linux.oracle.com/errata/ELSA-2014-1244
http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html
https://support.apple.com/kb/HT6536
http://archives.neohapsis.com/archives/bugtraq/2013-08/0030.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113108.html
Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113251.html
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00004.html
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00018.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-1114.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-1115.html
Vendor Advisory
http://secunia.com/advisories/54134
Vendor Advisory
http://secunia.com/advisories/54185
Vendor Advisory
http://secunia.com/advisories/54207
Vendor Advisory
http://secunia.com/advisories/54211
Vendor Advisory
http://secunia.com/advisories/54323
Vendor Advisory
http://secunia.com/advisories/54432
Vendor Advisory
http://www.debian.org/security/2013/dsa-2728
http://www.freebsd.org/security/advisories/FreeBSD-SA-13:07.bind.asc
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2013:202
Vendor Advisory
http://www.securityfocus.com/bid/61479
http://www.securitytracker.com/id/1028838
http://www.ubuntu.com/usn/USN-1910-1
http://www.zerodayinitiative.com/advisories/ZDI-13-210/
https://exchange.xforce.ibmcloud.com/vulnerabilities/86004
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396
Vendor Advisory
https://kb.isc.org/article/AA-01015
Vendor Advisory
https://kb.isc.org/article/AA-01016
Vendor Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10052
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19561