what you don't know can hurt you
Showing 1 - 10 of 10 RSS Feed

CVE-2013-4854

Status Candidate

Overview

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.

Related Files

Apple Security Advisory 2014-10-16-3
Posted Oct 17, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-10-16-3 - OS X Server 4.0 is now available and addresses vulnerabilities in BIND, Wiki server, Xcode server, PostgreSQL, and various other software.

tags | advisory, vulnerability
systems | apple, osx
advisories | CVE-2013-3919, CVE-2013-4164, CVE-2013-4854, CVE-2013-6393, CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066, CVE-2014-0591, CVE-2014-3566, CVE-2014-4406, CVE-2014-4424, CVE-2014-4446, CVE-2014-4447
SHA-256 | 1dbaa2d9e56d6c022558d94920c0f6e967f065a4281ff33a22add0e19be6d2f7
Gentoo Linux Security Advisory 201401-34
Posted Jan 30, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-34 - Multiple vulnerabilities have been found in BIND, possibly resulting in Denial of Service. Versions less than 9.9.4_p2 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2012-5166, CVE-2012-5688, CVE-2012-5689, CVE-2013-2266, CVE-2013-3919, CVE-2013-4854, CVE-2014-0591
SHA-256 | 08788290f886b257bb5cf19d5da72a1cebe9c1902c834380c2cebb552a875e12
HP Security Bulletin HPSBUX02926 SSRT101281
Posted Sep 11, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02926 SSRT101281 - A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
systems | hpux
advisories | CVE-2013-4854
SHA-256 | 8fb3be36c55ee49d72f1d314ca4827cb7aa6722cb468c6b2d1a3fae31c2369f5
Slackware Security Advisory - bind Updates
Posted Aug 6, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New bind packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-4854.

tags | advisory
systems | linux, slackware
advisories | CVE-2013-4854
SHA-256 | fc96f82d7269e1b2e9f49331cf9d134e3b7ff653a3fbebacd5125612df832900
Red Hat Security Advisory 2013-1115-01
Posted Jul 30, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1115-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in BIND. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to crash when rejecting the malformed query. All bind97 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon will be restarted automatically.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2013-4854
SHA-256 | 2c4c9735dccdd293d6c3761af0e515e2e9e678a170f95e35d0d880ad6d09c2c9
Red Hat Security Advisory 2013-1114-01
Posted Jul 30, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1114-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in BIND. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to crash when rejecting the malformed query. All bind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon will be restarted automatically.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2013-4854
SHA-256 | 2004136b8895379be9ea87bd35769ff77ec069f6404a3d36a2ee61892442afc1
FreeBSD Security Advisory - BIND Denial Of Service
Posted Jul 29, 2013
Authored by Maxim Shudrak | Site security.freebsd.org

FreeBSD Security Advisory - Due to a software defect a specially crafted query which includes malformed rdata, could cause named(8) to crash with an assertion failure and rejecting the malformed query. This issue affects both recursive and authoritative-only nameservers.

tags | advisory
systems | freebsd
advisories | CVE-2013-4854
SHA-256 | f1c6bd390fafc6b86654d596d7ddcfa62102f4a0aa7b681a7a87ed56ead922b7
Ubuntu Security Notice USN-1910-1
Posted Jul 29, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1910-1 - Maxim Shudrak discovered that Bind incorrectly handled certain malformed rdata. A remote attacker could use this flaw with a specially crafted query to cause Bind to stop responding, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-4854
SHA-256 | 0897033390d296a9ef63ec8183d77ea83c2dfac3bcece6cc232c0f4c8928b234
Mandriva Linux Security Advisory 2013-202
Posted Jul 29, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-202 - The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013. The updated packages for Enterprise Server 5 have been patched to correct this issue. The updated packages for Business Server 1 have been upgraded to the 9.9.3-P2 version which is not vulnerable to this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2013-4854
SHA-256 | 81f641183de26262e71f4b53dd49a153a27531ad1f983c82c624502231052b82
Debian Security Advisory 2728-1
Posted Jul 28, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2728-1 - Maxim Shudrak and the HP Zero Day Initiative reported a denial of service vulnerability in BIND, a DNS server. A specially crafted query that includes malformed rdata can cause named daemon to terminate with an assertion failure while rejecting the malformed query.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2013-4854
SHA-256 | a0841bbff63be72c66d72727b311877a598ecc9a936404ef7f60bdc5961b4a5f
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close