CVE - CVE-2013-4854

CVE-ID
CVE-2013-4854	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
APPLE:APPLE-SA-2014-10-16-3 URL:http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html BID:61479 URL:http://www.securityfocus.com/bid/61479 BUGTRAQ:20130806 [slackware-security] bind (SSA:2013-218-01) URL:http://archives.neohapsis.com/archives/bugtraq/2013-08/0030.html CONFIRM:http://linux.oracle.com/errata/ELSA-2014-1244 CONFIRM:https://kb.isc.org/article/AA-01015 CONFIRM:https://kb.isc.org/article/AA-01016 CONFIRM:https://support.apple.com/kb/HT6536 DEBIAN:DSA-2728 URL:http://www.debian.org/security/2013/dsa-2728 FEDORA:FEDORA-2013-13831 URL:http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113251.html FEDORA:FEDORA-2013-13863 URL:http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113108.html FREEBSD:FreeBSD-SA-13:07 URL:http://www.freebsd.org/security/advisories/FreeBSD-SA-13:07.bind.asc HP:HPSBUX02926 URL:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396 HP:SSRT101281 URL:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396 MANDRIVA:MDVSA-2013:202 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2013:202~~ (Obsolete source) MISC:http://www.zerodayinitiative.com/advisories/ZDI-13-210/ MISC:https://kc.mcafee.com/corporate/index?page=content&id=SB10052 OVAL:oval:org.mitre.oval:def:19561 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19561 REDHAT:RHSA-2013:1114 URL:http://rhn.redhat.com/errata/RHSA-2013-1114.html REDHAT:RHSA-2013:1115 URL:http://rhn.redhat.com/errata/RHSA-2013-1115.html SECTRACK:1028838 URL:http://www.securitytracker.com/id/1028838 SECUNIA:54134 URL:http://secunia.com/advisories/54134 SECUNIA:54185 URL:http://secunia.com/advisories/54185 SECUNIA:54207 URL:http://secunia.com/advisories/54207 SECUNIA:54211 URL:http://secunia.com/advisories/54211 SECUNIA:54323 URL:http://secunia.com/advisories/54323 SECUNIA:54432 URL:http://secunia.com/advisories/54432 SUSE:SUSE-SU-2013:1310 URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00004.html SUSE:openSUSE-SU-2013:1354 URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00018.html UBUNTU:USN-1910-1 URL:http://www.ubuntu.com/usn/USN-1910-1 XF:isc-bind-cve20134854-dos(86004) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/86004
Assigning CNA
MITRE Corporation
Date Record Created
20130716	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20130716)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)