var-201303-0312
Vulnerability from variot
libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process. ISC BIND is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. The following are affected: ISC BIND 9.7.x ISC BIND 9.8.0 through versions 9.8.5-b1 ISC BIND 9.9.0 through versions 9.9.3-b1.
Release Date: 2013-04-30 Last Updated: 2013-04-30
Potential Security Impact: Remote Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). HP-UX B.11.31 running BIND 9.7.3 prior to C.9.7.3.2.0
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2013-2266 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided an updated version of the BIND service to resolve this vulnerability. This early release depot will be replaced by the June 2013 Web Upgrade, which is functionally identical. This update is available from the following location ftp://srt01148:te_UH7ei@ftp.usa.hp.com
BIND 9.7.3 for HP-UX Release Depot Name
B.11.31 (PA and IA) bind973.depot
MANUAL ACTIONS: Yes - Update Download and install the software update
PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
For BIND 9.7.3 HP-UX B.11.31 ================== NameService.BIND-AUX NameService.BIND-RUN action: install revision C.9.7.3.2.0 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 30 April 2013 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2013 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
For the stable distribution (squeeze), this problem has been fixed in version 1:9.7.3.dfsg-1~squeeze10.
For the testing distribution (wheezy), this problem has been fixed in version 1:9.8.4.dfsg.P1-6+nmu1.
For the unstable distribution (sid), this problem has been fixed in version 1:9.8.4.dfsg.P1-6+nmu1.
We recommend that you upgrade your bind9 packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: bind security and bug fix update Advisory ID: RHSA-2013:0689-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0689.html Issue date: 2013-03-28 CVE Names: CVE-2013-2266 =====================================================================
- Summary:
Updated bind packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- Description:
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
A denial of service flaw was found in the libdns library. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash. (CVE-2013-2266)
Note: This update disables the syntax checking of NAPTR (Naming Authority Pointer) resource records.
This update also fixes the following bug:
- Previously, rebuilding the bind-dyndb-ldap source RPM failed with a "/usr/include/dns/view.h:76:21: error: dns/rrl.h: No such file or directory" error. (BZ#928439)
All bind users are advised to upgrade to these updated packages, which contain patches to correct these issues. After installing the update, the BIND daemon (named) will be restarted automatically.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258
- Bugs fixed (http://bugzilla.redhat.com/):
928027 - CVE-2013-2266 bind: libdns regular expressions excessive resource consumption DoS 928439 - building bind-dyndb-ldap error: dns/rrl.h: No such file or directory
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.4.src.rpm
i386: bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-utils-9.8.2-0.17.rc1.el6_4.4.i686.rpm
x86_64: bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-utils-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.4.src.rpm
i386: bind-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-chroot-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-sdb-9.8.2-0.17.rc1.el6_4.4.i686.rpm
x86_64: bind-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-chroot-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-sdb-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.4.src.rpm
x86_64: bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-utils-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.4.src.rpm
x86_64: bind-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-chroot-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-sdb-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.4.src.rpm
i386: bind-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-chroot-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-utils-9.8.2-0.17.rc1.el6_4.4.i686.rpm
ppc64: bind-9.8.2-0.17.rc1.el6_4.4.ppc64.rpm bind-chroot-9.8.2-0.17.rc1.el6_4.4.ppc64.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.ppc.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.ppc64.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.ppc.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.ppc64.rpm bind-utils-9.8.2-0.17.rc1.el6_4.4.ppc64.rpm
s390x: bind-9.8.2-0.17.rc1.el6_4.4.s390x.rpm bind-chroot-9.8.2-0.17.rc1.el6_4.4.s390x.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.s390.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.s390x.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.s390.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.s390x.rpm bind-utils-9.8.2-0.17.rc1.el6_4.4.s390x.rpm
x86_64: bind-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-chroot-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-utils-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.4.src.rpm
i386: bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-sdb-9.8.2-0.17.rc1.el6_4.4.i686.rpm
ppc64: bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.ppc.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.ppc64.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.ppc.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.ppc64.rpm bind-sdb-9.8.2-0.17.rc1.el6_4.4.ppc64.rpm
s390x: bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.s390.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.s390x.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.s390.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.s390x.rpm bind-sdb-9.8.2-0.17.rc1.el6_4.4.s390x.rpm
x86_64: bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-sdb-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.4.src.rpm
i386: bind-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-chroot-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-utils-9.8.2-0.17.rc1.el6_4.4.i686.rpm
x86_64: bind-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-chroot-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-libs-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-utils-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.4.src.rpm
i386: bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-sdb-9.8.2-0.17.rc1.el6_4.4.i686.rpm
x86_64: bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.i686.rpm bind-devel-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm bind-sdb-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2013-2266.html https://access.redhat.com/security/updates/classification/#important http://www.isc.org/software/bind/advisories/cve-2013-2266
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFRVMLdXlSAg2UNWIIRAsZfAKCyin6VjKh+MJwZjqJ0tn2+ayZTygCdEwWJ SMtY22xlYL6dxJ9RgKwa9Q0= =/8r6 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
Here are the details from the Slackware 14.0 ChangeLog: +--------------------------+ patches/packages/bind-9.9.2_P2-i486-1_slack14.0.txz: Upgraded. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266 https://kb.isc.org/article/AA-00871 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 12.1: ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/bind-9.8.4_P2-i486-1_slack12.1.tgz
Updated package for Slackware 12.2: ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/bind-9.8.4_P2-i486-1_slack12.2.tgz
Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/bind-9.8.4_P2-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/bind-9.8.4_P2-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/bind-9.8.4_P2-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/bind-9.8.4_P2-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/bind-9.8.4_P2-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/bind-9.8.4_P2-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bind-9.9.2_P2-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/bind-9.9.2_P2-x86_64-1_slack14.0.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.9.2_P2-i486-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.9.2_P2-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 12.1 package: bcf111a9a9526482ae8dea688755c889 bind-9.8.4_P2-i486-1_slack12.1.tgz
Slackware 12.2 package: ac7dd818bacdb8ba270ec7d21190a581 bind-9.8.4_P2-i486-1_slack12.2.tgz
Slackware 13.0 package: 5d4bb658b7b8fdc01ae74275e1ff0b20 bind-9.8.4_P2-i486-1_slack13.0.txz
Slackware x86_64 13.0 package: d7a20fdcbc112a724ee33279a0e1aacb bind-9.8.4_P2-x86_64-1_slack13.0.txz
Slackware 13.1 package: 0ecbcf1b1ff849b906770266ee6b2264 bind-9.8.4_P2-i486-1_slack13.1.txz
Slackware x86_64 13.1 package: 0bd611fc2026a964b499a954d9abfb05 bind-9.8.4_P2-x86_64-1_slack13.1.txz
Slackware 13.37 package: f1cf2f258f710c63c7f6456dd1487a3e bind-9.8.4_P2-i486-1_slack13.37.txz
Slackware x86_64 13.37 package: cbeb80303f92f9d745600be0cac3b820 bind-9.8.4_P2-x86_64-1_slack13.37.txz
Slackware 14.0 package: 519d4a66bc1df3b5508f8ed6f2f5abc1 bind-9.9.2_P2-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: dd2320d76994dd0bb085e2cf6a86a86f bind-9.9.2_P2-x86_64-1_slack14.0.txz
Slackware -current package: 0d7ff93b20cc99cff691e40c8847ab58 n/bind-9.9.2_P2-i486-1.txz
Slackware x86_64 -current package: 42b6641fc5c041c51c65551f256fb847 n/bind-9.9.2_P2-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg bind-9.9.2_P2-i486-1_slack14.0.txz
Then, restart the name server:
/etc/rc.d/rc.bind restart
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. Affects: FreeBSD 8.4-BETA1 and FreeBSD 9.x Corrected: 2013-03-28 05:35:46 UTC (stable/8, 8.4-BETA1) 2013-03-28 05:39:45 UTC (stable/9, 9.1-STABLE) 2013-04-02 17:34:42 UTC (releng/9.0, 9.0-RELEASE-p7) 2013-04-02 17:34:42 UTC (releng/9.1, 9.1-RELEASE-p2) CVE Name: CVE-2013-2266
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
II. This affects both recursive and authoritative servers.
III. Impact
A remote attacker can cause the named(8) daemon to consume all available memory and crash, resulting in a denial of service. Applications linked with the libdns library, for instance dig(1), may also be affected.
IV. Workaround
No workaround is available, but systems not running named(8) service and not using base system DNS utilities are not affected.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
fetch http://security.FreeBSD.org/patches/SA-13:04/bind.patch
fetch http://security.FreeBSD.org/patches/SA-13:04/bind.patch.asc
gpg --verify bind.patch.asc
b) Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
Recompile the operating system using buildworld and installworld as
described in
3) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
VI. Correction details
The following list contains the revision numbers of each file that was corrected in FreeBSD.
Branch/path Revision
stable/8/ r248807 stable/9/ r248808 releng/9.0/ r249029 releng/9.1/ r249029
VII. ============================================================================ Ubuntu Security Notice USN-1783-1 March 29, 2013
bind9 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS
Summary:
Bind could be made to consume memory or crash if it received specially crafted network traffic.
Software Description: - bind9: Internet Domain Name Server
Details:
Matthew Horsfall discovered that Bind incorrectly handled regular expression checking. This issue was corrected by disabling RDATA regular expression syntax checking.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.10: bind9 1:9.8.1.dfsg.P1-4.2ubuntu3.2 libdns81 1:9.8.1.dfsg.P1-4.2ubuntu3.2
Ubuntu 12.04 LTS: bind9 1:9.8.1.dfsg.P1-4ubuntu0.6 libdns81 1:9.8.1.dfsg.P1-4ubuntu0.6
Ubuntu 11.10: bind9 1:9.7.3.dfsg-1ubuntu4.6 libdns69 1:9.7.3.dfsg-1ubuntu4.6
Ubuntu 10.04 LTS: bind9 1:9.7.0.dfsg.P1-1ubuntu0.9 libdns64 1:9.7.0.dfsg.P1-1ubuntu0.9
In general, a standard system update will make all the necessary changes. (Windows versions are not affected. This condition can crash BIND 9 and will likely severely affect operation of other programs running on the same machine.
Please Note: Versions of BIND 9.7 are beyond their "end of life" (EOL) and no longer receive testing or security fixes from ISC. However, the re-compilation method described in the "Workarounds" section of this document will prevent exploitation in BIND 9.7 as well as in currently supported versions.
For current information on which versions are actively supported, please see http://www.isc.org/software/bind/versions.
Additional information is available in the CVE-2013-2266 FAQ and Supplemental Information article in the ISC Knowledge base, https://kb.isc.org/article/AA-00879. Additionally, other services which run on the same physical machine as an affected BIND server could be compromised as well through exhaustion of system memory.
Programs using the libdns library from affected versions of BIND are also potentially vulnerable to exploitation of this bug if they can be forced to accept input which triggers the condition. Tools which are linked against libdns (e.g. dig) should also be rebuilt or upgraded, even if named is not being used.
CVSS Score: 7.8
CVSS Equation: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
For more information on the Common Vulnerability Scoring System and to obtain your specific environmental score please visit: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Workarounds:
Patched versions are available (see the "Solutions:" section below) or operators can prevent exploitation of this bug in any affected version of BIND 9 by compiling without regular expression support.
Compilation without regular expression support:
BIND 9.7 (all versions), BIND 9.8 (9.8.0 through 9.8.5b1), and BIND 9.9 (9.9.0 through 9.9.3b1) can be rendered completely safe from this bug by re-compiling the source with regular expression support disabled. In order to disable inclusion of regular expression support:
After configuring BIND features as desired using the configure script in the top level source directory, manually edit the "config.h" header file that was produced by the configure script.
Locate the line that reads "#define HAVE_REGEX_H 1" and replace the contents of that line with "#undef HAVE_REGEX_H".
Run "make clean" to remove any previously compiled object files from the BIND 9 source directory, then proceed to make and install BIND normally.
Active exploits:
No known active exploits.
Solution:
Compile BIND 9 without regular expression support as described in the "Workarounds" section of this advisory or upgrade to the patched release most closely related to your current version of BIND. These can be downloaded from http://www.isc.org/downloads/all. for discovering this bug and bringing it to our attention
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201303-0312", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "bind", "scope": "eq", "trust": 1.6, "vendor": "isc", "version": "9.7.0" }, { "model": "bind", "scope": "eq", "trust": 1.3, "vendor": "isc", "version": "9.8.4" }, { "model": "bind", "scope": "eq", "trust": 1.3, "vendor": "isc", "version": "9.7.4" }, { "model": "bind", "scope": "eq", "trust": 1.3, "vendor": "isc", "version": "9.7.2" }, { "model": "bind", "scope": "eq", "trust": 1.3, "vendor": "isc", "version": "9.9.2" }, { "model": "bind", "scope": "eq", "trust": 1.3, "vendor": "isc", "version": "9.9.1" }, { "model": "bind", "scope": "eq", "trust": 1.3, "vendor": "isc", "version": "9.9.0" }, { "model": "bind", "scope": "eq", "trust": 1.3, "vendor": "isc", "version": "9.8.3" }, { "model": "bind", "scope": "eq", "trust": 1.3, "vendor": "isc", "version": "9.7.6" }, { "model": "bind", "scope": "eq", "trust": 1.3, "vendor": "isc", "version": "9.7.3" }, { "model": "bind", "scope": "eq", "trust": 1.3, "vendor": "isc", "version": "9.7.1" }, { "model": "bind", "scope": "eq", "trust": 1.0, "vendor": "isc", "version": "9.9.3" }, { "model": "bind", "scope": "eq", "trust": 1.0, "vendor": "isc", "version": "9.7.5" }, { "model": "bind", "scope": "eq", "trust": 1.0, "vendor": "isc", "version": "9.8.0" }, { "model": "bind", "scope": "eq", "trust": 1.0, "vendor": "isc", "version": "9.8.1" }, { "model": "bind", "scope": "eq", "trust": 1.0, "vendor": "isc", "version": "9.8.2" }, { "model": "bind", "scope": "eq", "trust": 1.0, "vendor": "isc", "version": "9.8.5" }, { "model": "bind", "scope": "lt", "trust": 0.8, "vendor": "isc", "version": "9.9.3" }, { "model": "bind", "scope": "lt", "trust": 0.8, "vendor": "isc", "version": "9.9.x" }, { "model": "bind", "scope": "eq", "trust": 0.8, "vendor": "isc", "version": "9.9.3b2" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.8 to v10.8.4" }, { "model": "bind", "scope": "eq", "trust": 0.8, "vendor": "isc", "version": "9.8.4-p2" }, { "model": "bind", "scope": "eq", "trust": 0.8, "vendor": "isc", "version": "9.8.5b2" }, { "model": "bind", "scope": "eq", "trust": 0.8, "vendor": "isc", "version": "9.7.x" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7.5" }, { "model": "bind", "scope": "eq", "trust": 0.8, "vendor": "isc", "version": "9.9.2-p2" }, { "model": "bind", "scope": "lt", "trust": 0.8, "vendor": "isc", "version": "9.8.5" }, { "model": "bind", "scope": "lt", "trust": 0.8, "vendor": "isc", "version": "9.8.x" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7.5" }, { "model": "bind p1", "scope": "eq", "trust": 0.6, "vendor": "isc", "version": "9.7.1" }, { "model": "bind p2", "scope": "eq", "trust": 0.6, "vendor": "isc", "version": "9.7.0" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.10" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.10" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux x86 64 -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "12.2" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "12.1" }, { "model": "linux -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "firewall enterprise", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "8.3.1" }, { "model": "firewall enterprise 8.2.1p04", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "firewall enterprise 8.2.1p03", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "firewall enterprise", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "8.2.1" }, { "model": "firewall enterprise", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.0.1.03" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1x8664" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1" }, { "model": "enterprise server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.8" }, { "model": "bind 9.9.3-b1", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.9.2-p1", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.9.1-p4", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.9.1-p3", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.9.1-p2", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.9.1-p1", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.8.5-b1", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.8.4-p1", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.8.3-p4", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.8.3-p3", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.8.3-p2", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.8.3-p1", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.8.1b1", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.8.1-p1", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.8.0-p4", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.8.0-p3", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.8.0-p2", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.8.0-p1", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.7.7" }, { "model": "bind 9.7.6-p4", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.7.6-p3", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.7.6-p2", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.7.6-p1", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.7.4b1", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.7.4-p1", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.7.3-p3", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.7.3-p2", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.7.3-p1", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.7.2-p3", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.7.2-p2", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.7.2-p1", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.7.1-p2", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.7.0-p1", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.7" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "9.1-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.1-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.1-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.1-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.1--releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.1" }, { "model": "9.0-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.0-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.0-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.0-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.0-rc3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.0-rc1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.0--releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.0" }, { "model": "8.4-beta1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "3.1" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "3.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0.00" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0.0" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.2" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8" }, { "model": "bind 9.9.2-p2", "scope": "ne", "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.8.4-p2", "scope": "ne", "trust": 0.3, "vendor": "isc", "version": null }, { "model": "enterprise manager", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "3.1.1" }, { "model": "enterprise manager", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "2.3" }, { "model": "enterprise manager", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "2.0" }, { "model": "enterprise manager", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "1.8" }, { "model": "enterprise manager", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "1.6" }, { "model": "big-ip wom", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip wom", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "big-ip wom hf4", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip wom hf5", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip wom hf5", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip wom hf7", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip webaccelerator", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "9.4.80" }, { "model": "big-ip webaccelerator", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip webaccelerator hf4", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip webaccelerator hf5", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip webaccelerator hf5", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip webaccelerator hf7", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip psm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip psm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "big-ip psm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "9.4.8" }, { "model": "big-ip psm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "9.4.5" }, { "model": "big-ip psm hf4", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip psm hf5", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip psm hf5", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip psm hf7", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip pem hf4", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip ltm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip ltm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "big-ip ltm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "9.6.1" }, { "model": "big-ip ltm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "9.4.8" }, { "model": "big-ip ltm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "9.0" }, { "model": "big-ip ltm hf4", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip ltm hf5", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip ltm hf5", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip ltm hf7", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip link controller", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "9.4.80" }, { "model": "big-ip link controller", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "10.0.00" }, { "model": "big-ip link controller", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "9.2.2" }, { "model": "big-ip link controller hf4", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip link controller hf5", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip link controller hf5", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip link controller hf7", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip link controller hf4", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip gtm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip gtm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "big-ip gtm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "9.4.8" }, { "model": "big-ip gtm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "9.2.2" }, { "model": "big-ip gtm hf4", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip gtm hf5", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip gtm hf5", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip gtm hf7", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip edge gateway", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip edge gateway hf4", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip edge gateway hf5", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip edge gateway hf5", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip edge gateway hf7", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip edge gateway", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "big-ip asm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "9.4.80" }, { "model": "big-ip asm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "10.2.40" }, { "model": "big-ip asm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "10.0.00" }, { "model": "big-ip asm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "9.2" }, { "model": "big-ip asm hf4", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip asm hf5", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip asm hf5", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip asm hf7", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip apm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip apm hf4", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip apm hf5", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip apm hf5", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm hf7", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip apm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "big-ip analytics hf4", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip analytics hf5", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip analytics hf5", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip analytics hf7", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip afm hf4", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.8.5" } ], "sources": [ { "db": "BID", "id": "58736" }, { "db": "JVNDB", "id": "JVNDB-2013-002075" }, { "db": "NVD", "id": "CVE-2013-2266" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:isc:bind:9.9.0:rc4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.9.0:a3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.9.0:b1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.9.0:b2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.9.0:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.9.1:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.9.1:p2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.9.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.9.0:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.9.0:rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.9.0:a1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.9.0:a2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:isc:bind:9.9.3:b1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:isc:bind:9.7.0:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.7.1:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.7.4:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.7.4:b1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.7.3:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.7.1:p2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.7.2:p3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.7.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.7.5:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.7.0:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.7.4:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.7.6:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.7.0:p2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.7.5:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.7.5:b1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.7.3:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.7.1:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.7.2:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.7.2:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.7.6:p2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.7.3:b1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.7.0:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.7.2:p2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.7.0:b1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:isc:bind:9.8.0:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.8.1:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.8.1:b1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.8.1:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.8.5:b1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.8.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.8.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.8.3:p2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.8.2:b1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.8.0:a1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.8.0:b1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.8.2:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.8.2:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.8.0:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.8.0:p2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.8.0:p4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.8.3:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.8.1:b3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:9.8.1:b2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2013-2266" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Matthew Horsfall of Dyn, Inc.", "sources": [ { "db": "BID", "id": "58736" } ], "trust": 0.3 }, "cve": "CVE-2013-2266", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2013-2266", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2013-2266", "trust": 1.8, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2013-2266", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2013-2266" }, { "db": "JVNDB", "id": "JVNDB-2013-002075" }, { "db": "NVD", "id": "CVE-2013-2266" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process. ISC BIND is prone to a remote denial-of-service vulnerability. \nAttackers can exploit this issue to crash the affected application, denying service to legitimate users. \nThe following are affected:\nISC BIND 9.7.x\nISC BIND 9.8.0 through versions 9.8.5-b1\nISC BIND 9.9.0 through versions 9.9.3-b1. \n\nRelease Date: 2013-04-30\nLast Updated: 2013-04-30\n\nPotential Security Impact: Remote Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP-UX running\nBIND. This vulnerability could be exploited remotely to create a Denial of\nService (DoS). \nHP-UX B.11.31 running BIND 9.7.3 prior to C.9.7.3.2.0\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2013-2266 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided an updated version of the BIND service to resolve this\nvulnerability. This early release depot will be replaced by the June 2013 Web\nUpgrade, which is functionally identical. \nThis update is available from the following location\nftp://srt01148:te_UH7ei@ftp.usa.hp.com\n\nBIND 9.7.3 for HP-UX Release\n Depot Name\n\nB.11.31 (PA and IA)\n bind973.depot\n\nMANUAL ACTIONS: Yes - Update\nDownload and install the software update\n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nFor BIND 9.7.3\nHP-UX B.11.31\n==================\nNameService.BIND-AUX\nNameService.BIND-RUN\naction: install revision C.9.7.3.2.0 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 30 April 2013 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated\nperiodically, is contained in HP Security Notice HPSN-2011-001:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttp://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2013 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits;damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1:9.7.3.dfsg-1~squeeze10. \n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 1:9.8.4.dfsg.P1-6+nmu1. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1:9.8.4.dfsg.P1-6+nmu1. \n\nWe recommend that you upgrade your bind9 packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: bind security and bug fix update\nAdvisory ID: RHSA-2013:0689-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2013-0689.html\nIssue date: 2013-03-28\nCVE Names: CVE-2013-2266 \n=====================================================================\n\n1. Summary:\n\nUpdated bind packages that fix one security issue and one bug are now\navailable for Red Hat Enterprise Linux 6. \n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server (named); a\nresolver library (routines for applications to use when interfacing with\nDNS); and tools for verifying that the DNS server is operating correctly. \n\nA denial of service flaw was found in the libdns library. A remote attacker\ncould use this flaw to send a specially-crafted DNS query to named that,\nwhen processed, would cause named to use an excessive amount of memory, or\npossibly crash. (CVE-2013-2266)\n\nNote: This update disables the syntax checking of NAPTR (Naming Authority\nPointer) resource records. \n\nThis update also fixes the following bug:\n\n* Previously, rebuilding the bind-dyndb-ldap source RPM failed with a\n\"/usr/include/dns/view.h:76:21: error: dns/rrl.h: No such file or\ndirectory\" error. (BZ#928439)\n\nAll bind users are advised to upgrade to these updated packages, which\ncontain patches to correct these issues. After installing the update, the\nBIND daemon (named) will be restarted automatically. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n928027 - CVE-2013-2266 bind: libdns regular expressions excessive resource consumption DoS\n928439 - building bind-dyndb-ldap error: dns/rrl.h: No such file or directory\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.4.src.rpm\n\ni386:\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm\nbind-libs-9.8.2-0.17.rc1.el6_4.4.i686.rpm\nbind-utils-9.8.2-0.17.rc1.el6_4.4.i686.rpm\n\nx86_64:\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm\nbind-libs-9.8.2-0.17.rc1.el6_4.4.i686.rpm\nbind-libs-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm\nbind-utils-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.4.src.rpm\n\ni386:\nbind-9.8.2-0.17.rc1.el6_4.4.i686.rpm\nbind-chroot-9.8.2-0.17.rc1.el6_4.4.i686.rpm\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm\nbind-devel-9.8.2-0.17.rc1.el6_4.4.i686.rpm\nbind-sdb-9.8.2-0.17.rc1.el6_4.4.i686.rpm\n\nx86_64:\nbind-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm\nbind-chroot-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm\nbind-devel-9.8.2-0.17.rc1.el6_4.4.i686.rpm\nbind-devel-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm\nbind-sdb-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.4.src.rpm\n\nx86_64:\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm\nbind-libs-9.8.2-0.17.rc1.el6_4.4.i686.rpm\nbind-libs-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm\nbind-utils-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.4.src.rpm\n\nx86_64:\nbind-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm\nbind-chroot-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm\nbind-devel-9.8.2-0.17.rc1.el6_4.4.i686.rpm\nbind-devel-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm\nbind-sdb-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.4.src.rpm\n\ni386:\nbind-9.8.2-0.17.rc1.el6_4.4.i686.rpm\nbind-chroot-9.8.2-0.17.rc1.el6_4.4.i686.rpm\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm\nbind-libs-9.8.2-0.17.rc1.el6_4.4.i686.rpm\nbind-utils-9.8.2-0.17.rc1.el6_4.4.i686.rpm\n\nppc64:\nbind-9.8.2-0.17.rc1.el6_4.4.ppc64.rpm\nbind-chroot-9.8.2-0.17.rc1.el6_4.4.ppc64.rpm\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.4.ppc.rpm\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.4.ppc64.rpm\nbind-libs-9.8.2-0.17.rc1.el6_4.4.ppc.rpm\nbind-libs-9.8.2-0.17.rc1.el6_4.4.ppc64.rpm\nbind-utils-9.8.2-0.17.rc1.el6_4.4.ppc64.rpm\n\ns390x:\nbind-9.8.2-0.17.rc1.el6_4.4.s390x.rpm\nbind-chroot-9.8.2-0.17.rc1.el6_4.4.s390x.rpm\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.4.s390.rpm\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.4.s390x.rpm\nbind-libs-9.8.2-0.17.rc1.el6_4.4.s390.rpm\nbind-libs-9.8.2-0.17.rc1.el6_4.4.s390x.rpm\nbind-utils-9.8.2-0.17.rc1.el6_4.4.s390x.rpm\n\nx86_64:\nbind-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm\nbind-chroot-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm\nbind-libs-9.8.2-0.17.rc1.el6_4.4.i686.rpm\nbind-libs-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm\nbind-utils-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.4.src.rpm\n\ni386:\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm\nbind-devel-9.8.2-0.17.rc1.el6_4.4.i686.rpm\nbind-sdb-9.8.2-0.17.rc1.el6_4.4.i686.rpm\n\nppc64:\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.4.ppc.rpm\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.4.ppc64.rpm\nbind-devel-9.8.2-0.17.rc1.el6_4.4.ppc.rpm\nbind-devel-9.8.2-0.17.rc1.el6_4.4.ppc64.rpm\nbind-sdb-9.8.2-0.17.rc1.el6_4.4.ppc64.rpm\n\ns390x:\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.4.s390.rpm\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.4.s390x.rpm\nbind-devel-9.8.2-0.17.rc1.el6_4.4.s390.rpm\nbind-devel-9.8.2-0.17.rc1.el6_4.4.s390x.rpm\nbind-sdb-9.8.2-0.17.rc1.el6_4.4.s390x.rpm\n\nx86_64:\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm\nbind-devel-9.8.2-0.17.rc1.el6_4.4.i686.rpm\nbind-devel-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm\nbind-sdb-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.4.src.rpm\n\ni386:\nbind-9.8.2-0.17.rc1.el6_4.4.i686.rpm\nbind-chroot-9.8.2-0.17.rc1.el6_4.4.i686.rpm\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm\nbind-libs-9.8.2-0.17.rc1.el6_4.4.i686.rpm\nbind-utils-9.8.2-0.17.rc1.el6_4.4.i686.rpm\n\nx86_64:\nbind-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm\nbind-chroot-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm\nbind-libs-9.8.2-0.17.rc1.el6_4.4.i686.rpm\nbind-libs-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm\nbind-utils-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.8.2-0.17.rc1.el6_4.4.src.rpm\n\ni386:\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm\nbind-devel-9.8.2-0.17.rc1.el6_4.4.i686.rpm\nbind-sdb-9.8.2-0.17.rc1.el6_4.4.i686.rpm\n\nx86_64:\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.4.i686.rpm\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm\nbind-devel-9.8.2-0.17.rc1.el6_4.4.i686.rpm\nbind-devel-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm\nbind-sdb-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2013-2266.html\nhttps://access.redhat.com/security/updates/classification/#important\nhttp://www.isc.org/software/bind/advisories/cve-2013-2266\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2013 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFRVMLdXlSAg2UNWIIRAsZfAKCyin6VjKh+MJwZjqJ0tn2+ayZTygCdEwWJ\nSMtY22xlYL6dxJ9RgKwa9Q0=\n=/8r6\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\n\nHere are the details from the Slackware 14.0 ChangeLog:\n+--------------------------+\npatches/packages/bind-9.9.2_P2-i486-1_slack14.0.txz: Upgraded. \n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266\n https://kb.isc.org/article/AA-00871\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/bind-9.8.4_P2-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/bind-9.8.4_P2-i486-1_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/bind-9.8.4_P2-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/bind-9.8.4_P2-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/bind-9.8.4_P2-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/bind-9.8.4_P2-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/bind-9.8.4_P2-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/bind-9.8.4_P2-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bind-9.9.2_P2-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/bind-9.9.2_P2-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.9.2_P2-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.9.2_P2-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 12.1 package:\nbcf111a9a9526482ae8dea688755c889 bind-9.8.4_P2-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\nac7dd818bacdb8ba270ec7d21190a581 bind-9.8.4_P2-i486-1_slack12.2.tgz\n\nSlackware 13.0 package:\n5d4bb658b7b8fdc01ae74275e1ff0b20 bind-9.8.4_P2-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\nd7a20fdcbc112a724ee33279a0e1aacb bind-9.8.4_P2-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n0ecbcf1b1ff849b906770266ee6b2264 bind-9.8.4_P2-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n0bd611fc2026a964b499a954d9abfb05 bind-9.8.4_P2-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\nf1cf2f258f710c63c7f6456dd1487a3e bind-9.8.4_P2-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\ncbeb80303f92f9d745600be0cac3b820 bind-9.8.4_P2-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n519d4a66bc1df3b5508f8ed6f2f5abc1 bind-9.9.2_P2-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\ndd2320d76994dd0bb085e2cf6a86a86f bind-9.9.2_P2-x86_64-1_slack14.0.txz\n\nSlackware -current package:\n0d7ff93b20cc99cff691e40c8847ab58 n/bind-9.9.2_P2-i486-1.txz\n\nSlackware x86_64 -current package:\n42b6641fc5c041c51c65551f256fb847 n/bind-9.9.2_P2-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg bind-9.9.2_P2-i486-1_slack14.0.txz\n\nThen, restart the name server:\n\n# /etc/rc.d/rc.bind restart\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. \nAffects: FreeBSD 8.4-BETA1 and FreeBSD 9.x\nCorrected: 2013-03-28 05:35:46 UTC (stable/8, 8.4-BETA1)\n 2013-03-28 05:39:45 UTC (stable/9, 9.1-STABLE)\n 2013-04-02 17:34:42 UTC (releng/9.0, 9.0-RELEASE-p7)\n 2013-04-02 17:34:42 UTC (releng/9.1, 9.1-RELEASE-p2)\nCVE Name: CVE-2013-2266\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:http://security.FreeBSD.org/\u003e. The libdns\nlibrary is a library of DNS protocol support functions. \n\nII. This\naffects both recursive and authoritative servers. \n\nIII. Impact\n\nA remote attacker can cause the named(8) daemon to consume all available\nmemory and crash, resulting in a denial of service. Applications linked\nwith the libdns library, for instance dig(1), may also be affected. \n\nIV. Workaround\n\nNo workaround is available, but systems not running named(8) service\nand not using base system DNS utilities are not affected. \n\nV. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n# fetch http://security.FreeBSD.org/patches/SA-13:04/bind.patch\n# fetch http://security.FreeBSD.org/patches/SA-13:04/bind.patch.asc\n# gpg --verify bind.patch.asc\n\nb) Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nRecompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:http://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\n3) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nVI. Correction details\n\nThe following list contains the revision numbers of each file that was\ncorrected in FreeBSD. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/8/ r248807\nstable/9/ r248808\nreleng/9.0/ r249029\nreleng/9.1/ r249029\n- -------------------------------------------------------------------------\n\nVII. ============================================================================\nUbuntu Security Notice USN-1783-1\nMarch 29, 2013\n\nbind9 vulnerability\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.10\n- Ubuntu 12.04 LTS\n- Ubuntu 11.10\n- Ubuntu 10.04 LTS\n\nSummary:\n\nBind could be made to consume memory or crash if it received specially\ncrafted network traffic. \n\nSoftware Description:\n- bind9: Internet Domain Name Server\n\nDetails:\n\nMatthew Horsfall discovered that Bind incorrectly handled regular\nexpression checking. This issue was corrected by disabling RDATA regular expression\nsyntax checking. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.10:\n bind9 1:9.8.1.dfsg.P1-4.2ubuntu3.2\n libdns81 1:9.8.1.dfsg.P1-4.2ubuntu3.2\n\nUbuntu 12.04 LTS:\n bind9 1:9.8.1.dfsg.P1-4ubuntu0.6\n libdns81 1:9.8.1.dfsg.P1-4ubuntu0.6\n\nUbuntu 11.10:\n bind9 1:9.7.3.dfsg-1ubuntu4.6\n libdns69 1:9.7.3.dfsg-1ubuntu4.6\n\nUbuntu 10.04 LTS:\n bind9 1:9.7.0.dfsg.P1-1ubuntu0.9\n libdns64 1:9.7.0.dfsg.P1-1ubuntu0.9\n\nIn general, a standard system update will make all the necessary changes. (Windows versions are not affected. This condition can crash BIND 9 and will likely severely affect operation of other programs running on the same machine. \n\nPlease Note: Versions of BIND 9.7 are beyond their \"end of life\" (EOL) and no longer receive testing or security fixes from ISC. However, the re-compilation method described in the \"Workarounds\" section of this document will prevent exploitation in BIND 9.7 as well as in currently supported versions. \n\nFor current information on which versions are actively supported, please see http://www.isc.org/software/bind/versions. \n\nAdditional information is available in the CVE-2013-2266 FAQ and Supplemental Information article in the ISC Knowledge base, https://kb.isc.org/article/AA-00879. Additionally, other services which run on the same physical machine as an affected BIND server could be compromised as well through exhaustion of system memory. \n\nPrograms using the libdns library from affected versions of BIND are also potentially vulnerable to exploitation of this bug if they can be forced to accept input which triggers the condition. Tools which are linked against libdns (e.g. dig) should also be rebuilt or upgraded, even if named is not being used. \n\nCVSS Score: 7.8\n\nCVSS Equation: (AV:N/AC:L/Au:N/C:N/I:N/A:C)\n\nFor more information on the Common Vulnerability Scoring System and to obtain your specific environmental score please visit: http://nvd.nist.gov/cvss.cfm?calculator\u0026adv\u0026version=2\u0026vector=(AV:N/AC:L/Au:N/C:N/I:N/A:C)\n\nWorkarounds:\n\nPatched versions are available (see the \"Solutions:\" section below) or operators can prevent exploitation of this bug in any affected version of BIND 9 by compiling without regular expression support. \n\nCompilation without regular expression support:\n\nBIND 9.7 (all versions), BIND 9.8 (9.8.0 through 9.8.5b1), and BIND 9.9 (9.9.0 through 9.9.3b1) can be rendered completely safe from this bug by re-compiling the source with regular expression support disabled. In order to disable inclusion of regular expression support:\n\n After configuring BIND features as desired using the configure script in the top level source directory, manually edit the \"config.h\" header file that was produced by the configure script. \n\n Locate the line that reads \"#define HAVE_REGEX_H 1\" and replace the contents of that line with \"#undef HAVE_REGEX_H\". \n Run \"make clean\" to remove any previously compiled object files from the BIND 9 source directory, then proceed to make and install BIND normally. \n\nActive exploits:\n\nNo known active exploits. \n\nSolution: \n\nCompile BIND 9 without regular expression support as described in the \"Workarounds\" section of this advisory or upgrade to the patched release most closely related to your current version of BIND. These can be downloaded from http://www.isc.org/downloads/all. for discovering this bug and bringing it to our attention", "sources": [ { "db": "NVD", "id": "CVE-2013-2266" }, { "db": "JVNDB", "id": "JVNDB-2013-002075" }, { "db": "BID", "id": "58736" }, { "db": "VULMON", "id": "CVE-2013-2266" }, { "db": "PACKETSTORM", "id": "121569" }, { "db": "PACKETSTORM", "id": "121028" }, { "db": "PACKETSTORM", "id": "121004" }, { "db": "PACKETSTORM", "id": "120977" }, { "db": "PACKETSTORM", "id": "121059" }, { "db": "PACKETSTORM", "id": "121017" }, { "db": "PACKETSTORM", "id": "120975" }, { "db": "PACKETSTORM", "id": "121002" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2013-2266", "trust": 3.0 }, { "db": "BID", "id": "58736", "trust": 1.4 }, { "db": "ISC", "id": "AA-00871", "trust": 1.3 }, { "db": "ISC", "id": "AA-00879", "trust": 1.2 }, { "db": "JVNDB", "id": "JVNDB-2013-002075", "trust": 0.8 }, { "db": "VULMON", "id": "CVE-2013-2266", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "121569", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "121028", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "121004", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "120977", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "121059", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "121017", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "120975", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "121002", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2013-2266" }, { "db": "BID", "id": "58736" }, { "db": "JVNDB", "id": "JVNDB-2013-002075" }, { "db": "PACKETSTORM", "id": "121569" }, { "db": "PACKETSTORM", "id": "121028" }, { "db": "PACKETSTORM", "id": "121004" }, { "db": "PACKETSTORM", "id": "120977" }, { "db": "PACKETSTORM", "id": "121059" }, { "db": "PACKETSTORM", "id": "121017" }, { "db": "PACKETSTORM", "id": "120975" }, { "db": "PACKETSTORM", "id": "121002" }, { "db": "NVD", "id": "CVE-2013-2266" } ] }, "id": "VAR-201303-0312", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.44374704200000004 }, "last_update_date": "2024-07-22T21:39:28.977000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2013-09-12-1", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2013/sep/msg00002.html" }, { "title": "HT5880", "trust": 0.8, "url": "http://support.apple.com/kb/ht5880" }, { "title": "HT5880", "trust": 0.8, "url": "http://support.apple.com/kb/ht5880?viewlocale=ja_jp" }, { "title": "DSA-2656", "trust": 0.8, "url": "http://www.debian.org/security/2013/dsa-2656" }, { "title": "FEDORA-2013-4533", "trust": 0.8, "url": "https://lists.fedoraproject.org/pipermail/package-announce/2013-april/101603.html" }, { "title": "FEDORA-2013-4525", "trust": 0.8, "url": "https://lists.fedoraproject.org/pipermail/package-announce/2013-april/101500.html" }, { "title": "HPSBUX02876 SSRT101148", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c03750073" }, { "title": "A Maliciously Crafted Regular Expression Can Cause Memory Exhaustion in named", "trust": 0.8, "url": "http://www.isc.org/software/bind/advisories/cve-2013-2266" }, { "title": "BIND 9.9.2-P2", "trust": 0.8, "url": "https://www.isc.org/software/bind/992-p2" }, { "title": "BIND 9.8.4-P2", "trust": 0.8, "url": "https://www.isc.org/software/bind/984-p2" }, { "title": "CVE-2013-2266: FAQ and Supplemental Information", "trust": 0.8, "url": "https://kb.isc.org/article/aa-00879/" }, { "title": "CVE-2013-2266: A Maliciously Crafted Regular Expression Can Cause Memory Exhaustion in named", "trust": 0.8, "url": "https://kb.isc.org/article/aa-00871/" }, { "title": "CVE-2013-2266 [JP]: \u4e0d\u6b63\u306b\u7d30\u5de5\u3055\u308c\u305f\u6b63\u898f\u8868\u73fe\u306b\u3088\u3063\u3066named\u304c\u30e1\u30e2\u30ea\u4e0d\u8db3\u306b\u306a\u308b", "trust": 0.8, "url": "https://kb.isc.org/article/aa-00881" }, { "title": "RHSA-2013:0690", "trust": 0.8, "url": "http://rhn.redhat.com/errata/rhsa-2013-0690.html" }, { "title": "RHSA-2013:0689", "trust": 0.8, "url": "http://rhn.redhat.com/errata/rhsa-2013-0689.html" }, { "title": "USN-1783-1", "trust": 0.8, "url": "http://www.ubuntu.com/usn/usn-1783-1" }, { "title": "Red Hat: Important: bind97 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20130690 - security advisory" }, { "title": "Red Hat: Important: bind security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20130689 - security advisory" }, { "title": "Debian CVElist Bug Report Logs: CVE-2013-2266", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=ce9346ea3ea8bc38b5a8f240aadc63ad" }, { "title": "Debian Security Advisories: DSA-2656-1 bind9 -- denial of service", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=2301cf18a199518ef55a5962b8bf2d8f" }, { "title": "Ubuntu Security Notice: bind9 vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-1783-1" }, { "title": "Debian CVElist Bug Report Logs: bind9: CVE-2012-5689", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=4c4483f2e7e7c504072dc3dc6ef8958d" }, { "title": "Amazon Linux AMI: ALAS-2013-176", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2013-176" }, { "title": "Red Hat: CVE-2013-2266", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2013-2266" } ], "sources": [ { "db": "VULMON", "id": "CVE-2013-2266" }, { "db": "JVNDB", "id": "JVNDB-2013-002075" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-002075" }, { "db": "NVD", "id": "CVE-2013-2266" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.4, "url": "http://support.apple.com/kb/ht5880" }, { "trust": 1.3, "url": "http://www.isc.org/software/bind/advisories/cve-2013-2266" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2013-0690.html" }, { "trust": 1.2, "url": "http://www.ubuntu.com/usn/usn-1783-1" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2013-0689.html" }, { "trust": 1.1, "url": "https://kb.isc.org/article/aa-00879/" }, { "trust": 1.1, "url": "https://kb.isc.org/article/aa-00871/" }, { "trust": 1.1, "url": "http://www.debian.org/security/2013/dsa-2656" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=136804614120794\u0026w=2" }, { "trust": 1.1, "url": "http://lists.apple.com/archives/security-announce/2013/sep/msg00002.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-april/101603.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-april/101500.html" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/58736" }, { "trust": 1.1, "url": "http://linux.oracle.com/errata/elsa-2014-1244" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a19579" }, { "trust": 1.0, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2266" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20130328-bind.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2013/at130017.txt" }, { "trust": 0.8, "url": "http://www.nic.ad.jp/ja/topics/2013/20130327-01.html" }, { "trust": 0.8, "url": "http://jprs.jp/tech/security/2013-03-27-bind9-vuln-regexp.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2266" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2266" }, { "trust": 0.3, "url": "http://www.isc.org/products/bind/" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100171618" }, { "trust": 0.3, "url": "msg://bugtraq/201304021804.r32i4b2i046008@freefall.freebsd.org" }, { "trust": 0.3, "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?javax.portlet.endcachetok=com.vignette.cachetoken\u0026javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalsta" }, { "trust": 0.3, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=kb77902" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/14000/300/sol14386.html" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2013-2266.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.2, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/knowledge/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "https://kb.isc.org/article/aa-00871" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/119.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2013:0690" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=28730" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/1783-1/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2013-2266" }, { "trust": 0.1, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.1, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "http://www.freebsd.org/handbook/makeworld.html\u003e." }, { "trust": 0.1, "url": "http://security.freebsd.org/\u003e." }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-13:04/bind.patch.asc" }, { "trust": 0.1, "url": "http://security.freebsd.org/advisories/freebsd-sa-13:04.bind.asc" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-13:04/bind.patch" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/bind9/1:9.7.0.dfsg.p1-1ubuntu0.9" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/bind9/1:9.8.1.dfsg.p1-4.2ubuntu3.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/bind9/1:9.7.3.dfsg-1ubuntu4.6" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/bind9/1:9.8.1.dfsg.p1-4ubuntu0.6" }, { "trust": 0.1, "url": "http://nvd.nist.gov/cvss.cfm?calculator\u0026adv\u0026version=2\u0026vector=(av:n/ac:l/au:n/c:n/i:n/a:c)" }, { "trust": 0.1, "url": "http://www.isc.org/downloads/all." }, { "trust": 0.1, "url": "https://kb.isc.org/article/aa-00879." }, { "trust": 0.1, "url": "http://www.isc.org/software/bind/versions." } ], "sources": [ { "db": "VULMON", "id": "CVE-2013-2266" }, { "db": "BID", "id": "58736" }, { "db": "JVNDB", "id": "JVNDB-2013-002075" }, { "db": "PACKETSTORM", "id": "121569" }, { "db": "PACKETSTORM", "id": "121028" }, { "db": "PACKETSTORM", "id": "121004" }, { "db": "PACKETSTORM", "id": "120977" }, { "db": "PACKETSTORM", "id": "121059" }, { "db": "PACKETSTORM", "id": "121017" }, { "db": "PACKETSTORM", "id": "120975" }, { "db": "PACKETSTORM", "id": "121002" }, { "db": "NVD", "id": "CVE-2013-2266" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2013-2266" }, { "db": "BID", "id": "58736" }, { "db": "JVNDB", "id": "JVNDB-2013-002075" }, { "db": "PACKETSTORM", "id": "121569" }, { "db": "PACKETSTORM", "id": "121028" }, { "db": "PACKETSTORM", "id": "121004" }, { "db": "PACKETSTORM", "id": "120977" }, { "db": "PACKETSTORM", "id": "121059" }, { "db": "PACKETSTORM", "id": "121017" }, { "db": "PACKETSTORM", "id": "120975" }, { "db": "PACKETSTORM", "id": "121002" }, { "db": "NVD", "id": "CVE-2013-2266" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-03-28T00:00:00", "db": "VULMON", "id": "CVE-2013-2266" }, { "date": "2013-03-26T00:00:00", "db": "BID", "id": "58736" }, { "date": "2013-04-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-002075" }, { "date": "2013-05-08T19:22:00", "db": "PACKETSTORM", "id": "121569" }, { "date": "2013-03-31T19:22:00", "db": "PACKETSTORM", "id": "121028" }, { "date": "2013-03-29T01:47:48", "db": "PACKETSTORM", "id": "121004" }, { "date": "2013-03-28T02:08:54", "db": "PACKETSTORM", "id": "120977" }, { "date": "2013-04-03T18:22:22", "db": "PACKETSTORM", "id": "121059" }, { "date": "2013-03-30T01:53:40", "db": "PACKETSTORM", "id": "121017" }, { "date": "2013-03-27T15:55:55", "db": "PACKETSTORM", "id": "120975" }, { "date": "2013-03-29T01:47:27", "db": "PACKETSTORM", "id": "121002" }, { "date": "2013-03-28T16:55:01.040000", "db": "NVD", "id": "CVE-2013-2266" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-30T00:00:00", "db": "VULMON", "id": "CVE-2013-2266" }, { "date": "2015-04-13T21:48:00", "db": "BID", "id": "58736" }, { "date": "2013-11-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-002075" }, { "date": "2018-10-30T16:27:02.577000", "db": "NVD", "id": "CVE-2013-2266" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "121028" }, { "db": "PACKETSTORM", "id": "121004" }, { "db": "PACKETSTORM", "id": "121017" }, { "db": "PACKETSTORM", "id": "121002" } ], "trust": 0.4 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "UNIX On the platform ISC BIND Service disruption in ( Memory consumption ) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-002075" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Failure to Handle Exceptional Conditions", "sources": [ { "db": "BID", "id": "58736" } ], "trust": 0.3 } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.