CVE-2013-4854 - OpenCVE

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Enterprise Linux
Slackware	Slackware Linux
Isc	Dnsco Bind Bind
Suse	Suse Linux Enterprise Software Development Kit
Mandriva	Enterprise Server Business Server
Fedoraproject	Fedora
Novell	Suse Linux
Opensuse	Opensuse
Hp	Hp-ux
Freebsd	Freebsd

Configuration 1 [-]

OR	cpe:2.3:a:isc:bind:9.7.0:::::::*
	cpe:2.3:a:isc:bind:9.7.0:b1::::::
	cpe:2.3:a:isc:bind:9.7.0:p1::::::
	cpe:2.3:a:isc:bind:9.7.0:p2::::::
	cpe:2.3:a:isc:bind:9.7.0:rc1::::::
	cpe:2.3:a:isc:bind:9.7.0:rc2::::::
	cpe:2.3:a:isc:bind:9.7.1:::::::*
	cpe:2.3:a:isc:bind:9.7.1:p1::::::
	cpe:2.3:a:isc:bind:9.7.1:p2::::::
	cpe:2.3:a:isc:bind:9.7.1:rc1::::::
	cpe:2.3:a:isc:bind:9.7.2:::::::*
	cpe:2.3:a:isc:bind:9.7.2:p1::::::
	cpe:2.3:a:isc:bind:9.7.2:p2::::::
	cpe:2.3:a:isc:bind:9.7.2:p3::::::
	cpe:2.3:a:isc:bind:9.7.2:rc1::::::
	cpe:2.3:a:isc:bind:9.7.3:::::::*
	cpe:2.3:a:isc:bind:9.7.3:b1::::::
	cpe:2.3:a:isc:bind:9.7.3:p1::::::
	cpe:2.3:a:isc:bind:9.7.3:rc1::::::
	cpe:2.3:a:isc:bind:9.7.4:::::::*
	cpe:2.3:a:isc:bind:9.7.4:b1::::::
	cpe:2.3:a:isc:bind:9.7.4:p1::::::
	cpe:2.3:a:isc:bind:9.7.4:rc1::::::
	cpe:2.3:a:isc:bind:9.7.5:::::::*
	cpe:2.3:a:isc:bind:9.7.5:b1::::::
	cpe:2.3:a:isc:bind:9.7.5:rc1::::::
	cpe:2.3:a:isc:bind:9.7.5:rc2::::::
	cpe:2.3:a:isc:bind:9.7.6:::::::*
	cpe:2.3:a:isc:bind:9.7.6:p1::::::
	cpe:2.3:a:isc:bind:9.7.6:p2::::::
	cpe:2.3:a:isc:bind:9.7.7:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:11.0:sp2::::::
	cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:11.0:sp3::::::
	cpe:2.3:o:novell:suse_linux:11::desktop:::::
	cpe:2.3:o:novell:suse_linux:11::server:::::

Configuration 3 [-]

OR	cpe:2.3:a:isc:dnsco_bind:9.9.3:s1::::::
	cpe:2.3:a:isc:dnsco_bind:9.9.4:s1b1::::::

Configuration 4 [-]

cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*

Configuration 5 [-]

OR	cpe:2.3:a:isc:bind:9.9.0:::::::*
	cpe:2.3:a:isc:bind:9.9.0:a1::::::
	cpe:2.3:a:isc:bind:9.9.0:a2::::::
	cpe:2.3:a:isc:bind:9.9.0:a3::::::
	cpe:2.3:a:isc:bind:9.9.0:b1::::::
	cpe:2.3:a:isc:bind:9.9.0:b2::::::
	cpe:2.3:a:isc:bind:9.9.0:rc1::::::
	cpe:2.3:a:isc:bind:9.9.0:rc2::::::
	cpe:2.3:a:isc:bind:9.9.0:rc3::::::
	cpe:2.3:a:isc:bind:9.9.0:rc4::::::
	cpe:2.3:a:isc:bind:9.9.1:::::::*
	cpe:2.3:a:isc:bind:9.9.1:p1::::::
	cpe:2.3:a:isc:bind:9.9.1:p2::::::
	cpe:2.3:a:isc:bind:9.9.2:::::::*
	cpe:2.3:a:isc:bind:9.9.3:::::::*
	cpe:2.3:a:isc:bind:9.9.3:b1::::::
	cpe:2.3:a:isc:bind:9.9.3:b2::::::
	cpe:2.3:a:isc:bind:9.9.3:p1::::::
	cpe:2.3:a:isc:bind:9.9.3:rc1::::::
	cpe:2.3:a:isc:bind:9.9.3:rc2::::::

Configuration 6 [-]

OR	cpe:2.3:o:freebsd:freebsd:8.0:::::::*
	cpe:2.3:o:freebsd:freebsd:8.1:::::::*
	cpe:2.3:o:freebsd:freebsd:8.2:::::::*
	cpe:2.3:o:freebsd:freebsd:8.3:::::::*
	cpe:2.3:o:freebsd:freebsd:8.4:::::::*
	cpe:2.3:o:freebsd:freebsd:9.0:::::::*
	cpe:2.3:o:freebsd:freebsd:9.1:::::::*
	cpe:2.3:o:freebsd:freebsd:9.1:p4::::::
	cpe:2.3:o:freebsd:freebsd:9.1:p5::::::
	cpe:2.3:o:freebsd:freebsd:9.2:prerelease::::::
	cpe:2.3:o:freebsd:freebsd:9.2:rc1::::::
	cpe:2.3:o:freebsd:freebsd:9.2:rc2::::::

Configuration 7 [-]

OR	cpe:2.3:o:mandriva:business_server:1.0:::::::*
	cpe:2.3:o:mandriva:enterprise_server:5.0:::::::*

Configuration 8 [-]

OR	cpe:2.3:o:redhat:enterprise_linux:5:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

Configuration 9 [-]

OR	cpe:2.3:a:isc:bind:9.8.0:::::::*
	cpe:2.3:a:isc:bind:9.8.0:a1::::::
	cpe:2.3:a:isc:bind:9.8.0:b1::::::
	cpe:2.3:a:isc:bind:9.8.0:p1::::::
	cpe:2.3:a:isc:bind:9.8.0:p2::::::
	cpe:2.3:a:isc:bind:9.8.0:p4::::::
	cpe:2.3:a:isc:bind:9.8.0:rc1::::::
	cpe:2.3:a:isc:bind:9.8.1:::::::*
	cpe:2.3:a:isc:bind:9.8.1:b1::::::
	cpe:2.3:a:isc:bind:9.8.1:b2::::::
	cpe:2.3:a:isc:bind:9.8.1:b3::::::
	cpe:2.3:a:isc:bind:9.8.1:p1::::::
	cpe:2.3:a:isc:bind:9.8.1:rc1::::::
	cpe:2.3:a:isc:bind:9.8.2:b1::::::
	cpe:2.3:a:isc:bind:9.8.2:rc1::::::
	cpe:2.3:a:isc:bind:9.8.2:rc2::::::
	cpe:2.3:a:isc:bind:9.8.3:::::::*
	cpe:2.3:a:isc:bind:9.8.3:p1::::::
	cpe:2.3:a:isc:bind:9.8.3:p2::::::
	cpe:2.3:a:isc:bind:9.8.4:::::::*
	cpe:2.3:a:isc:bind:9.8.5:::::::*
	cpe:2.3:a:isc:bind:9.8.5:b1::::::
	cpe:2.3:a:isc:bind:9.8.5:b2::::::
	cpe:2.3:a:isc:bind:9.8.5:p1::::::
	cpe:2.3:a:isc:bind:9.8.5:rc1::::::
	cpe:2.3:a:isc:bind:9.8.5:rc2::::::
	cpe:2.3:a:isc:bind:9.8.6:b1::::::

Configuration 10 [-]

OR	cpe:2.3:o:fedoraproject:fedora:18:::::::*
	cpe:2.3:o:fedoraproject:fedora:19:::::::*

Configuration 11 [-]

cpe:2.3:o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*

Configuration 12 [-]

OR	cpe:2.3:o:slackware:slackware_linux:12.1:::::::*
	cpe:2.3:o:slackware:slackware_linux:12.2:::::::*
	cpe:2.3:o:slackware:slackware_linux:13.0:::::::*
	cpe:2.3:o:slackware:slackware_linux:13.1:::::::*
	cpe:2.3:o:slackware:slackware_linux:13.37:::::::*

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2013-08/0030.html
http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html
http://linux.oracle.com/errata/ELSA-2014-1244
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113108.html	Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113251.html	Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00004.html	Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00018.html	Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-1114.html	Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-1115.html	Vendor Advisory
http://secunia.com/advisories/54134	Vendor Advisory
http://secunia.com/advisories/54185	Vendor Advisory
http://secunia.com/advisories/54207	Vendor Advisory
http://secunia.com/advisories/54211	Vendor Advisory
http://secunia.com/advisories/54323	Vendor Advisory
http://secunia.com/advisories/54432	Vendor Advisory
http://www.debian.org/security/2013/dsa-2728
http://www.freebsd.org/security/advisories/FreeBSD-SA-13:07.bind.asc	Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2013:202	Vendor Advisory
http://www.securityfocus.com/bid/61479
http://www.securitytracker.com/id/1028838
http://www.ubuntu.com/usn/USN-1910-1
http://www.zerodayinitiative.com/advisories/ZDI-13-210/
https://exchange.xforce.ibmcloud.com/vulnerabilities/86004
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396	Vendor Advisory
https://kb.isc.org/article/AA-01015	Vendor Advisory
https://kb.isc.org/article/AA-01016	Vendor Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10052
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19561
https://support.apple.com/kb/HT6536