CVE-2013-2266

high

Description

libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.

References

http://linux.oracle.com/errata/ELSA-2014-1244

http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html

http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101500.html

http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101603.html

http://marc.info/?l=bugtraq&m=136804614120794&w=2

http://rhn.redhat.com/errata/RHSA-2013-0689.html

http://rhn.redhat.com/errata/RHSA-2013-0690.html

http://support.apple.com/kb/HT5880

http://www.debian.org/security/2013/dsa-2656

http://www.isc.org/software/bind/advisories/cve-2013-2266

http://www.securityfocus.com/bid/58736

http://www.ubuntu.com/usn/USN-1783-1

https://kb.isc.org/article/AA-00871/

https://kb.isc.org/article/AA-00879/

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19579

Details

Source: MITRE

Published: 2013-03-28

Updated: 2018-10-30

Type: CWE-119

Risk Information

CVSS v2

Base Score: 7.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:isc:bind:9.9.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:a1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:a2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:a3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:b2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:rc3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:rc4:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.1:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.1:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.2:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.3:b1:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:isc:bind:9.7.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.0:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.0:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.0:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.0:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.0:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.1:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.1:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.1:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.2:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.2:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.2:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.2:p3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.2:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.3:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.3:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.3:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.4:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.4:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.4:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.4:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.5:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.5:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.5:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.5:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.6:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.6:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.6:p2:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:isc:bind:9.8.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.0:a1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.0:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.0:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.0:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.0:p4:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.0:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.1:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.1:b2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.1:b3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.1:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.1:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.2:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.2:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.2:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.3:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.3:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.4:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.5:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.5:b1:*:*:*:*:*:*

Tenable Plugins


ID | Name | Product | Family | Severity
147379 | NewStart CGSL CORE 5.04 / MAIN 5.04 : bind Multiple Vulnerabilities (NS-SA-2021-0017) | Nessus | NewStart CGSL Local Security Checks | critical
137170 | OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021) | Nessus | OracleVM Local Security Checks | high
99569 | OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066) | Nessus | OracleVM Local Security Checks | high
80247 | OracleVM 3.3 : bind (OVMSA-2014-0084) | Nessus | OracleVM Local Security Checks | high
78148 | F5 Networks BIG-IP : BIND vulnerability (K14386) | Nessus | F5 Networks Local Security Checks | high
74959 | openSUSE Security Update : dhcp (openSUSE-SU-2013:0619-1) | Nessus | SuSE Local Security Checks | high
74958 | openSUSE Security Update : dhcp (openSUSE-SU-2013:0620-1) | Nessus | SuSE Local Security Checks | high
74954 | openSUSE Security Update : bind (openSUSE-2013-297) | Nessus | SuSE Local Security Checks | high
74953 | openSUSE Security Update : bind (openSUSE-SU-2013:0605-1) | Nessus | SuSE Local Security Checks | high
72208 | GLSA-201401-34 : BIND: Denial of Service | Nessus | Gentoo Local Security Checks | high
8008 | Mac OS X 10.8 < 10.8.5 Multiple Vulnerabilities (Security Update 2013-004) | Nessus Network Monitor | Web Clients | critical
69878 | Mac OS X Multiple Vulnerabilities (Security Update 2013-004) | Nessus | MacOS X Local Security Checks | critical
69877 | Mac OS X 10.8.x < 10.8.5 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical
69735 | Amazon Linux AMI : bind (ALAS-2013-176) | Nessus | Amazon Linux Local Security Checks | high
68800 | Oracle Linux 5 : bind97 (ELSA-2013-0690) | Nessus | Oracle Linux Local Security Checks | high
68799 | Oracle Linux 6 : bind (ELSA-2013-0689) | Nessus | Oracle Linux Local Security Checks | high
67098 | CentOS 6 : bind (CESA-2013:0689) | Nessus | CentOS Local Security Checks | high
6811 | ISC BIND 9 libdns Regular Expressions Handling DoS | Nessus Network Monitor | DNS Servers | high
66072 | Mandriva Linux Security Advisory : bind (MDVSA-2013:058) | Nessus | Mandriva Local Security Checks | high
66020 | SuSE 11.2 Security Update : dhcp (SAT Patch Number 7571) | Nessus | SuSE Local Security Checks | high
65844 | FreeBSD : dns/bind9* -- Malicious Regex Can Cause Memory Exhaustion (7a282e49-95b6-11e2-8433-0800273fe665) | Nessus | FreeBSD Local Security Checks | high
65840 | FreeBSD : FreeBSD -- BIND remote denial of service (13031d98-9bd1-11e2-a7be-8c705af55518) | Nessus | FreeBSD Local Security Checks | high
65832 | Fedora 17 : bind-9.9.2-7.P2.fc17 (2013-4533) | Nessus | Fedora Local Security Checks | high
65826 | Fedora 18 : bind-9.9.2-10.P2.fc18 (2013-4525) | Nessus | Fedora Local Security Checks | high
65763 | Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : bind9 vulnerability (USN-1783-1) | Nessus | Ubuntu Local Security Checks | high
65762 | Scientific Linux Security Update : bind on SL6.x i386/x86_64 (20130328) | Nessus | Scientific Linux Local Security Checks | high
65761 | Scientific Linux Security Update : bind97 on SL5.x i386/x86_64 (20130328) | Nessus | Scientific Linux Local Security Checks | high
65744 | Debian DSA-2656-1 : bind9 - denial of service | Nessus | Debian Local Security Checks | high
65736 | ISC BIND 9 libdns Regular Expression Handling DoS | Nessus | DNS | high
65729 | RHEL 5 : bind97 (RHSA-2013:0690) | Nessus | Red Hat Local Security Checks | high
65728 | RHEL 6 : bind (RHSA-2013:0689) | Nessus | Red Hat Local Security Checks | high
65726 | CentOS 5 : bind97 (CESA-2013:0690) | Nessus | CentOS Local Security Checks | high
65706 | Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : dhcp (SSA:2013-086-02) | Nessus | Slackware Local Security Checks | high
65705 | Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : bind (SSA:2013-086-01) | Nessus | Slackware Local Security Checks | high