FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2013-4854

This CVE name corresponds to:

Entered Topic
2013-07-26 bind -- denial of service vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2013-4854
Phase: Assigned (20130716)

Description

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.

References

Source Reference
BUGTRAQ 20130806 [slackware-security] bind (SSA:2013-218-01)
MISC http://www.zerodayinitiative.com/advisories/ZDI-13-210/
MISC https://kc.mcafee.com/corporate/index?page=content&id=SB10052
CONFIRM https://kb.isc.org/article/AA-01015
CONFIRM https://kb.isc.org/article/AA-01016
CONFIRM https://support.apple.com/kb/HT6536
APPLE APPLE-SA-2014-10-16-3
FEDORA FEDORA-2013-13831
FEDORA FEDORA-2013-13863
FREEBSD FreeBSD-SA-13:07
HP HPSBUX02926
HP SSRT101281
MANDRIVA MDVSA-2013:202
REDHAT RHSA-2013:1114
REDHAT RHSA-2013:1115
SUSE SUSE-SU-2013:1310
SUSE openSUSE-SU-2013:1354
BID 61479
OVAL oval:org.mitre.oval:def:19561
SECTRACK 1028838
SECUNIA 54432
SECUNIA 54207
SECUNIA 54134
SECUNIA 54185
SECUNIA 54211
SECUNIA 54323
XF isc-bind-cve20134854-dos(86004)