CVE - CVE-2013-4854

CVE-ID
CVE-2013-4854	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20130806 [slackware-security] bind (SSA:2013-218-01) URL:http://archives.neohapsis.com/archives/bugtraq/2013-08/0030.html MISC:http://www.zerodayinitiative.com/advisories/ZDI-13-210/ MISC:https://kc.mcafee.com/corporate/index?page=content&id=SB10052 CONFIRM:https://kb.isc.org/article/AA-01015 CONFIRM:https://kb.isc.org/article/AA-01016 CONFIRM:https://support.apple.com/kb/HT6536 CONFIRM:http://linux.oracle.com/errata/ELSA-2014-1244 APPLE:APPLE-SA-2014-10-16-3 URL:http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html DEBIAN:DSA-2728 URL:http://www.debian.org/security/2013/dsa-2728 FEDORA:FEDORA-2013-13831 URL:http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113251.html FEDORA:FEDORA-2013-13863 URL:http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113108.html FREEBSD:FreeBSD-SA-13:07 URL:http://www.freebsd.org/security/advisories/FreeBSD-SA-13:07.bind.asc HP:HPSBUX02926 URL:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396 HP:SSRT101281 URL:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396 MANDRIVA:MDVSA-2013:202 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:202 REDHAT:RHSA-2013:1114 URL:http://rhn.redhat.com/errata/RHSA-2013-1114.html REDHAT:RHSA-2013:1115 URL:http://rhn.redhat.com/errata/RHSA-2013-1115.html SUSE:SUSE-SU-2013:1310 URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00004.html SUSE:openSUSE-SU-2013:1354 URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00018.html UBUNTU:USN-1910-1 URL:http://www.ubuntu.com/usn/USN-1910-1 BID:61479 URL:http://www.securityfocus.com/bid/61479 OVAL:oval:org.mitre.oval:def:19561 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19561 SECTRACK:1028838 URL:http://www.securitytracker.com/id/1028838 SECUNIA:54432 URL:http://secunia.com/advisories/54432 SECUNIA:54207 URL:http://secunia.com/advisories/54207 SECUNIA:54134 URL:http://secunia.com/advisories/54134 SECUNIA:54185 URL:http://secunia.com/advisories/54185 SECUNIA:54211 URL:http://secunia.com/advisories/54211 SECUNIA:54323 URL:http://secunia.com/advisories/54323 XF:isc-bind-cve20134854-dos(86004) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/86004
Assigning CNA
N/A
Date Entry Created
20130716	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20130716)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures (CVE®) List and the associated references from this website are subject to the terms of use. CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. For more information, please contact us.