[v2.3] bind: CVE-2013-4854: A specially crafted query can cause BIND to terminate abnormall
CVE: CVE-2013-4854
Document Version: 2.0
Posting date: 26 July 2013
Program Impacted: BIND
Versions affected: 9.7.09.7.7,
9.8.0>9.8.5-P1, 9.9.0->9.9.3-P1, 9.8.6b1 and 9.9.4b1;
Subscription: 9.9.3-S1 and 9.9.4-S1b1
Severity: Critical
Exploitable: Remotely
Description
A specially crafted query that includes malformed rdata can cause named to terminate with an assertion failure while rejecting the malformed query.
BIND 9.6 and BIND 9.6-ESV are unaffected by this problem. Earlier branches of BIND 9 are believed to be unaffected but have not been tested. BIND 10 is also unaffected by this issue.
Please Note: All versions of BIND 9.7 are known to be affected, but these branches are beyond their “end of life” (EOL) and no longer receive testing or security fixes from ISC. For current information on which versions are actively supported, please see http://www.isc.org/downloads/software-support-policy/bind-software-status/.
Impact
Authoritative and recursive servers are equally vulnerable. Intentional exploitation of this condition can cause a denial of service in all nameservers running affected versions of BIND 9. Access Control Lists do not provide any protection from malicious clients.
In addition to the named server, applications built using libraries from the affected source distributions may crash with assertion failures triggered in the same fashion.
CVSS Score: 7.8
CVSS Equation: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
For more information on the Common Vulnerability Scoring System and to obtain your specific environmental score please visit: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Workarounds
No known workarounds at this time.
Active exploits
Crashes have been reported by multiple ISC customers. First observed in the wild on 26 July 2013.
(from redmine: issue id 2178, created on 2013-07-29, closed on 2013-07-30)
- Relations:
- parent #2173 (closed)
- Changesets:
- Revision 9fe77599 by Natanael Copa on 2013-07-29T08:26:56Z:
main/bind: security upgrade to 9.8.5_p2 (CVE-2013-4854)
fixes #2178