Vulnerabilities > CVE-2013-2266 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in ISC Bind

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

isc

CWE-119

nessus

NVD

Published: 2013-03-28

Updated: 2018-10-30

Summary

libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.

Vulnerable Configurations

Part	Description	Count
Application	Isc ISC Bind 9.9.0 ISC Bind 9.9.1 ISC Bind 9.9.2 ISC Bind 9.9.3 ISC Bind 9.7.0 ISC Bind 9.7.1 ISC Bind 9.7.2 ISC Bind 9.7.3 ISC Bind 9.7.4 ISC Bind 9.7.5 ISC Bind 9.7.6 ISC Bind 9.8.0 ISC Bind 9.8.1 ISC Bind 9.8.2 ISC Bind 9.8.3 ISC Bind 9.8.4 ISC Bind 9.8.5	68

Common Weakness Enumeration (CWE)

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Common Attack Pattern Enumeration and Classification (CAPEC)

Buffer Overflow via Environment Variables
This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
Overflow Buffers
Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
Client-side Injection-induced Buffer Overflow
This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
Filter Failure through Buffer Overflow
In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
MIME Conversion
An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2013-0690.NASL
description	Updated bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the libdns library. A remote attacker could use this flaw to send a specially crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash. (CVE-2013-2266) Note: This update disables the syntax checking of NAPTR (Naming Authority Pointer) resource records. All bind97 users are advised to upgrade to these updated packages, which contain a patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
last seen	2020-06-01
modified	2020-06-02
plugin id	65726
published	2013-03-29
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/65726
title	CentOS 5 : bind97 (CESA-2013:0690)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2013:0690 and # CentOS Errata and Security Advisory 2013:0690 respectively. # include("compat.inc"); if (description) { script_id(65726); script_version("1.12"); script_cvs_date("Date: 2020/01/06"); script_cve_id("CVE-2013-2266"); script_bugtraq_id(58736); script_xref(name:"RHSA", value:"2013:0690"); script_name(english:"CentOS 5 : bind97 (CESA-2013:0690)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the libdns library. A remote attacker could use this flaw to send a specially crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash. (CVE-2013-2266) Note: This update disables the syntax checking of NAPTR (Naming Authority Pointer) resource records. All bind97 users are advised to upgrade to these updated packages, which contain a patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically." ); # https://lists.centos.org/pipermail/centos-announce/2013-March/019671.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?5a6226df" ); script_set_attribute( attribute:"solution", value:"Update the affected bind97 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-2266"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind97"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind97-chroot"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind97-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind97-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind97-utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/28"); script_set_attribute(attribute:"patch_publication_date", value:"2013/03/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/29"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) \|\| "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-5", reference:"bind97-9.7.0-17.P2.el5_9.1")) flag++; if (rpm_check(release:"CentOS-5", reference:"bind97-chroot-9.7.0-17.P2.el5_9.1")) flag++; if (rpm_check(release:"CentOS-5", reference:"bind97-devel-9.7.0-17.P2.el5_9.1")) flag++; if (rpm_check(release:"CentOS-5", reference:"bind97-libs-9.7.0-17.P2.el5_9.1")) flag++; if (rpm_check(release:"CentOS-5", reference:"bind97-utils-9.7.0-17.P2.el5_9.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind97 / bind97-chroot / bind97-devel / bind97-libs / bind97-utils"); }

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2013-0690.NASL
description	Updated bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the libdns library. A remote attacker could use this flaw to send a specially crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash. (CVE-2013-2266) Note: This update disables the syntax checking of NAPTR (Naming Authority Pointer) resource records. All bind97 users are advised to upgrade to these updated packages, which contain a patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
last seen	2020-06-01
modified	2020-06-02
plugin id	65729
published	2013-03-29
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/65729
title	RHEL 5 : bind97 (RHSA-2013:0690)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2013:0690. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(65729); script_version("1.18"); script_cvs_date("Date: 2019/10/24 15:35:37"); script_cve_id("CVE-2013-2266"); script_bugtraq_id(58736); script_xref(name:"RHSA", value:"2013:0690"); script_name(english:"RHEL 5 : bind97 (RHSA-2013:0690)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the libdns library. A remote attacker could use this flaw to send a specially crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash. (CVE-2013-2266) Note: This update disables the syntax checking of NAPTR (Naming Authority Pointer) resource records. All bind97 users are advised to upgrade to these updated packages, which contain a patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically." ); script_set_attribute( attribute:"see_also", value:"http://www.isc.org/software/bind/advisories/cve-2013-2266" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2013:0690" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-2266" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind97"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind97-chroot"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind97-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind97-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind97-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind97-utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.9"); script_set_attribute(attribute:"patch_publication_date", value:"2013/03/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! ereg(pattern:"^5([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2013:0690"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"bind97-9.7.0-17.P2.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"bind97-9.7.0-17.P2.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"bind97-9.7.0-17.P2.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"bind97-chroot-9.7.0-17.P2.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"bind97-chroot-9.7.0-17.P2.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"bind97-chroot-9.7.0-17.P2.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", reference:"bind97-debuginfo-9.7.0-17.P2.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", reference:"bind97-devel-9.7.0-17.P2.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", reference:"bind97-libs-9.7.0-17.P2.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"bind97-utils-9.7.0-17.P2.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"bind97-utils-9.7.0-17.P2.el5_9.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"bind97-utils-9.7.0-17.P2.el5_9.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind97 / bind97-chroot / bind97-debuginfo / bind97-devel / etc"); } }

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_SECUPD2013-004.NASL
description	The remote host is running a version of Mac OS X 10.6 or 10.7 that does not have Security Update 2013-004 applied. This update contains several security-related fixes for the following component : - Apache - Bind - Certificate Trust Policy - ClamAV - Installer - IPSec - Mobile Device Management - OpenSSL - PHP - PostgreSQL - QuickTime - sudo Note that successful exploitation of the most serious issues could result in arbitrary code execution.
last seen	2020-06-01
modified	2020-06-02
plugin id	69878
published	2013-09-13
reporter	This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/69878
title	Mac OS X Multiple Vulnerabilities (Security Update 2013-004)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(69878); script_version("1.18"); script_cvs_date("Date: 2018/07/14 1:59:36"); script_cve_id( "CVE-2012-0883", "CVE-2012-2686", "CVE-2012-2687", "CVE-2012-3499", "CVE-2012-3817", "CVE-2012-4244", "CVE-2012-4558", "CVE-2012-5166", "CVE-2012-5688", "CVE-2013-0166", "CVE-2013-0169", "CVE-2013-1027", "CVE-2013-1028", "CVE-2013-1030", "CVE-2013-1032", "CVE-2013-1635", "CVE-2013-1643", "CVE-2013-1775", "CVE-2013-1824", "CVE-2013-1899", "CVE-2013-1900", "CVE-2013-1901", "CVE-2013-1902", "CVE-2013-1903", "CVE-2013-2020", "CVE-2013-2021", "CVE-2013-2110", "CVE-2013-2266" ); script_bugtraq_id( 53046, 54658, 55131, 55522, 55852, 56817, 57755, 57778, 58165, 58203, 58224, 58736, 58766, 58876, 58877, 58878, 58879, 58882, 59434, 60118, 60268, 60411, 62370, 62371, 62373, 62375, 62377 ); script_xref(name:"APPLE-SA", value:"APPLE-SA-2013-09-12-1"); script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2013-004)"); script_summary(english:"Check for the presence of Security Update 2013-004"); script_set_attribute( attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes several security issues." ); script_set_attribute( attribute:"description", value: "The remote host is running a version of Mac OS X 10.6 or 10.7 that does not have Security Update 2013-004 applied. This update contains several security-related fixes for the following component : - Apache - Bind - Certificate Trust Policy - ClamAV - Installer - IPSec - Mobile Device Management - OpenSSL - PHP - PostgreSQL - QuickTime - sudo Note that successful exploitation of the most serious issues could result in arbitrary code execution." ); script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT5880"); script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"); script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/archive/1/528594/30/0/threaded"); script_set_attribute(attribute:"solution", value:"Install Security Update 2013-004 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Mac OS X Sudo Password Bypass'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"vuln_publication_date", value:"2012/04/16"); script_set_attribute(attribute:"patch_publication_date", value:"2013/09/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/13"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "Host/MacOSX/packages/boms"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); os = get_kb_item("Host/MacOSX/Version"); if (!os) audit(AUDIT_OS_NOT, "Mac OS X"); if (!ereg(pattern:"Mac OS X 10\.[67]([^0-9]\|$)", string:os)) audit(AUDIT_OS_NOT, "Mac OS X 10.6 / 10.7"); else if ("Mac OS X 10.6" >< os && !ereg(pattern:"Mac OS X 10\.6($\|\.[0-8]([^0-9]\|$))", string:os)) exit(0, "The remote host uses a version of Mac OS X Snow Leopard later than 10.6.8."); else if ("Mac OS X 10.7" >< os && !ereg(pattern:"Mac OS X 10\.7($\|\.[0-5]([^0-9]\|$))", string:os)) exit(0, "The remote host uses a version of Mac OS X Lion later than 10.7.5."); packages = get_kb_item_or_exit("Host/MacOSX/packages/boms", exit_code:1); if ( egrep(pattern:"^com\.apple\.pkg\.update\.security(\.10\.[6-8]\..+)?\.(2013\.00[4-9]\|201[4-9]\.[0-9]+)(\.(snowleopard[0-9.]*\|lion))?\.bom", string:packages) ) exit(0, "The host has Security Update 2013-004 or later installed and is therefore not affected."); else { set_kb_item(name:"www/0/XSS", value:TRUE); if (report_verbosity > 0) { security_boms = egrep(pattern:"^com\.apple\.pkg\.update\.security", string:packages); report = '\n Installed security BOMs : '; if (security_boms) report += str_replace(find:'\n', replace:'\n ', string:security_boms); else report += 'n/a'; report += '\n'; security_hole(port:0, extra:report); } else security_hole(0); }

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_10_8_5.NASL
description	The remote host is running a version of Mac OS X 10.8.x that is prior to 10.8.5. The newer version contains multiple security-related fixes for the following components : - Apache - Bind - Certificate Trust Policy - CoreGraphics - ImageIO - Installer - IPSec - Kernel - Mobile Device Management - OpenSSL - PHP - PostgreSQL - Power Management - QuickTime - Screen Lock - sudo This update also addresses an issue in which certain Unicode strings could cause applications to unexpectedly quit. Note that successful exploitation of the most serious issues could result in arbitrary code execution.
last seen	2020-06-01
modified	2020-06-02
plugin id	69877
published	2013-09-13
reporter	This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/69877
title	Mac OS X 10.8.x < 10.8.5 Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(69877); script_version("1.18"); script_cvs_date("Date: 2018/07/14 1:59:36"); script_cve_id( "CVE-2012-0883", "CVE-2012-2686", "CVE-2012-2687", "CVE-2012-3499", "CVE-2012-3817", "CVE-2012-4244", "CVE-2012-4558", "CVE-2012-5166", "CVE-2012-5688", "CVE-2013-0166", "CVE-2013-0169", "CVE-2013-1025", "CVE-2013-1026", "CVE-2013-1027", "CVE-2013-1028", "CVE-2013-1029", "CVE-2013-1030", "CVE-2013-1031", "CVE-2013-1032", "CVE-2013-1033", "CVE-2013-1635", "CVE-2013-1643", "CVE-2013-1775", "CVE-2013-1824", "CVE-2013-1899", "CVE-2013-1900", "CVE-2013-1901", "CVE-2013-1902", "CVE-2013-1903", "CVE-2013-2110", "CVE-2013-2266" ); script_bugtraq_id( 53046, 54658, 55131, 55522, 55852, 56817, 57755, 57778, 58165, 58203, 58224, 58736, 58766, 58876, 58877, 58878, 58879, 58882, 60268, 60411, 62368, 62369, 62370, 62371, 62373, 62374, 62375, 62377, 62378, 62381, 62382 ); script_xref(name:"APPLE-SA", value:"APPLE-SA-2013-09-12-1"); script_name(english:"Mac OS X 10.8.x < 10.8.5 Multiple Vulnerabilities"); script_summary(english:"Check the version of Mac OS X"); script_set_attribute( attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes several security issues." ); script_set_attribute( attribute:"description", value: "The remote host is running a version of Mac OS X 10.8.x that is prior to 10.8.5. The newer version contains multiple security-related fixes for the following components : - Apache - Bind - Certificate Trust Policy - CoreGraphics - ImageIO - Installer - IPSec - Kernel - Mobile Device Management - OpenSSL - PHP - PostgreSQL - Power Management - QuickTime - Screen Lock - sudo This update also addresses an issue in which certain Unicode strings could cause applications to unexpectedly quit. Note that successful exploitation of the most serious issues could result in arbitrary code execution." ); script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT5880"); script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"); script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/archive/1/528594/30/0/threaded"); script_set_attribute(attribute:"solution", value:"Upgrade to Mac OS X 10.8.5 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Mac OS X Sudo Password Bypass'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"vuln_publication_date", value:"2012/04/16"); script_set_attribute(attribute:"patch_publication_date", value:"2013/09/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/13"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); os = get_kb_item("Host/MacOSX/Version"); if (!os) { os = get_kb_item_or_exit("Host/OS"); if ("Mac OS X" >!< os) audit(AUDIT_OS_NOT, "Mac OS X"); c = get_kb_item("Host/OS/Confidence"); if (c <= 70) exit(1, "Can't determine the host's OS with sufficient confidence."); } if (!os) audit(AUDIT_OS_NOT, "Mac OS X"); if (ereg(pattern:"Mac OS X 10\.8($\|\.[0-4]([^0-9]\|$))", string:os)) { set_kb_item(name:"www/0/XSS", value:TRUE); security_hole(0); } else exit(0, "The host is not affected as it is running "+os+".");

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2013-302.NASL
description	ISC DHCP was updated to ISC dhcp-4.2.5-P1 release, which contains updated bind-9.8.4-P2 sources with removed regex.h check in configure (bnc#811934, CVE-2013-2266). Also: Changed spec make the bind export library build output visible. Added dhcp6-server service template for SuSEfirewall2 (bnc#783002) Update config.guess/sub for aarch64
last seen	2020-06-05
modified	2014-06-13
plugin id	74958
published	2014-06-13
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/74958
title	openSUSE Security Update : dhcp (openSUSE-SU-2013:0620-1)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2013-302. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(74958); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2013-2266"); script_name(english:"openSUSE Security Update : dhcp (openSUSE-SU-2013:0620-1)"); script_summary(english:"Check for the openSUSE-2013-302 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "ISC DHCP was updated to ISC dhcp-4.2.5-P1 release, which contains updated bind-9.8.4-P2 sources with removed regex.h check in configure (bnc#811934, CVE-2013-2266). Also: Changed spec make the bind export library build output visible. Added dhcp6-server service template for SuSEfirewall2 (bnc#783002) Update config.guess/sub for aarch64" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=783002" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=811934" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2013-04/msg00038.html" ); script_set_attribute(attribute:"solution", value:"Update the affected dhcp packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dhcp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dhcp-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dhcp-client-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dhcp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dhcp-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dhcp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dhcp-relay"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dhcp-relay-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dhcp-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dhcp-server-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3"); script_set_attribute(attribute:"patch_publication_date", value:"2013/03/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE12\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE12.3", reference:"dhcp-4.2.5.P1-0.2.4.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"dhcp-client-4.2.5.P1-0.2.4.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"dhcp-client-debuginfo-4.2.5.P1-0.2.4.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"dhcp-debuginfo-4.2.5.P1-0.2.4.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"dhcp-debugsource-4.2.5.P1-0.2.4.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"dhcp-devel-4.2.5.P1-0.2.4.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"dhcp-relay-4.2.5.P1-0.2.4.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"dhcp-relay-debuginfo-4.2.5.P1-0.2.4.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"dhcp-server-4.2.5.P1-0.2.4.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"dhcp-server-debuginfo-4.2.5.P1-0.2.4.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dhcp"); }

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2013-296.NASL
description	bind was updated to 9.8.4-P2 to fix security problems and bugs. Security Fixes Removed the check for regex.h in configure in order to disable regex syntax checking, as it exposes BIND to a critical flaw in libregex on some platforms. [CVE-2013-2266] [RT #32688] https://kb.isc.org/article/AA-00871 (bnc#811876) Prevents named from aborting with a require assertion failure on servers with DNS64 enabled. These crashes might occur as a result of specific queries that are received. (Note that this fix is a subset of a series of updates that will be included in full in BIND 9.8.5 and 9.9.3 as change #3388, RT #30996). [CVE-2012-5688] [RT #30792] A deliberately constructed combination of records could cause named to hang while populating the additional section of a response. [CVE-2012-5166] [RT #31090] Prevents a named assert (crash) when queried for a record whose RDATA exceeds 65535 bytes [CVE-2012-4244] [RT #30416] Prevents a named assert (crash) when validating caused by using
last seen	2020-06-05
modified	2014-06-13
plugin id	74953
published	2014-06-13
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/74953
title	openSUSE Security Update : bind (openSUSE-SU-2013:0605-1)

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2013-058.NASL
description	A security issue was identified and fixed in ISC BIND : libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process (CVE-2013-2266). The updated packages have been patched to correct this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	66072
published	2013-04-20
reporter	This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/66072
title	Mandriva Linux Security Advisory : bind (MDVSA-2013:058)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2013-4533.NASL
description	Bind-dyndb-ldap was updated to upstream version 2.6. Fixed BIND packages contain dns/rrl.h header necessary for building bind-dyndb-ldap. Fixed CVE-2013-2266. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2013-04-08
plugin id	65832
published	2013-04-08
reporter	This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/65832
title	Fedora 17 : bind-9.9.2-7.P2.fc17 (2013-4533)

NASL family	OracleVM Local Security Checks
NASL id	ORACLEVM_OVMSA-2014-0084.NASL
description	The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2014-8500 (#1171973) - Use /dev/urandom when generating rndc.key file (#951255) - Remove bogus file from /usr/share/doc, introduced by fix for bug #1092035 - Add support for TLSA resource records (#956685) - Increase defaults for lwresd workers and make workers and client objects number configurable (#1092035) - Fix segmentation fault in nsupdate when -r option is used (#1064045) - Fix race condition on send buffer in host tool when sending UDP query (#1008827) - Allow authentication using TSIG in allow-notify configuration statement (#1044545) - Fix SELinux context of /var/named/chroot/etc/localtime (#902431) - Include updated named.ca file with root server addresses (#917356) - Don
last seen	2020-06-01
modified	2020-06-02
plugin id	80247
published	2014-12-26
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/80247
title	OracleVM 3.3 : bind (OVMSA-2014-0084)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2013-0746.NASL
description	An updated rhev-hypervisor6 package that fixes several security issues and various bugs is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way KVM handled guest time updates when the buffer the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) crossed a page boundary. A privileged guest user could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the host kernel level. (CVE-2013-1796) A potential use-after-free flaw was found in the way KVM handled guest time updates when the GPA (guest physical address) the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) fell into a movable or removable memory region of the hosting user-space process (by default, QEMU-KVM) on the host. If that memory region is deregistered from KVM using KVM_SET_USER_MEMORY_REGION and the allocated virtual memory reused, a privileged guest user could potentially use this flaw to escalate their privileges on the host. (CVE-2013-1797) A flaw was found in the way KVM emulated IOAPIC (I/O Advanced Programmable Interrupt Controller). A missing validation check in the ioapic_read_indirect() function could allow a privileged guest user to crash the host, or read a substantial portion of host kernel memory. (CVE-2013-1798) An integer overflow flaw was discovered in one of pixman
last seen	2020-06-01
modified	2020-06-02
plugin id	78955
published	2014-11-08
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/78955
title	RHEL 6 : rhev-hypervisor6 (RHSA-2013:0746)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20130328_BIND_ON_SL6_X.NASL
description	A denial of service flaw was found in the libdns library. A remote attacker could use this flaw to send a specially crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash. (CVE-2013-2266) Note: This update disables the syntax checking of NAPTR (Naming Authority Pointer) resource records. This update also fixes the following bug : - Previously, rebuilding the bind-dyndb-ldap source RPM failed with a
last seen	2020-03-18
modified	2013-04-01
plugin id	65762
published	2013-04-01
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/65762
title	Scientific Linux Security Update : bind on SL6.x i386/x86_64 (20130328)

NASL family	F5 Networks Local Security Checks
NASL id	F5_BIGIP_SOL14386.NASL
description	libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process. (CVE-2013-2266)
last seen	2020-06-01
modified	2020-06-02
plugin id	78148
published	2014-10-10
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/78148
title	F5 Networks BIG-IP : BIND vulnerability (K14386)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_7A282E4995B611E284330800273FE665.NASL
description	ISC reports : A critical defect in BIND 9 allows an attacker to cause excessive memory consumption in named or other programs linked to libdns.
last seen	2020-06-01
modified	2020-06-02
plugin id	65844
published	2013-04-08
reporter	This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/65844
title	FreeBSD : dns/bind9* -- Malicious Regex Can Cause Memory Exhaustion (7a282e49-95b6-11e2-8433-0800273fe665)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2013-0689.NASL
description	Updated bind packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the libdns library. A remote attacker could use this flaw to send a specially crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash. (CVE-2013-2266) Note: This update disables the syntax checking of NAPTR (Naming Authority Pointer) resource records. This update also fixes the following bug : * Previously, rebuilding the bind-dyndb-ldap source RPM failed with a
last seen	2020-06-01
modified	2020-06-02
plugin id	65728
published	2013-03-29
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/65728
title	RHEL 6 : bind (RHSA-2013:0689)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_DHCP-130327.NASL
description	The ISC DHCP server had a denial of service issue in handling specific DDNS requests which could cause a out of memory usage situation. (CVE-2013-2266) This update also adds a dhcp6-server service template for SuSEfirewall2. (bnc#783002)
last seen	2020-06-05
modified	2013-04-18
plugin id	66020
published	2013-04-18
reporter	This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/66020
title	SuSE 11.2 Security Update : dhcp (SAT Patch Number 7571)

NASL family	DNS
NASL id	BIND9_992_P2.NASL
description	According to its self-reported version number, the remote installation of BIND can be forced to crash via memory exhaustion caused by specially crafted regular expressions. Note this vulnerability only affects Unix and Unix-like systems when the application has been compiled to include regular expression support. Further note that Nessus has only relied on the version itself and has not attempted to determine whether or not the install is actually affected.
last seen	2020-06-01
modified	2020-06-02
plugin id	65736
published	2013-03-29
reporter	This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/65736
title	ISC BIND 9 libdns Regular Expression Handling DoS

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2013-297.NASL
description	bind was updated to 9.9.2-P2, fixing a security issue in regular expression handling. [CVE-2013-2266] [RT #32688] https://kb.isc.org/article/AA-00871 (bnc#811876)
last seen	2020-06-05
modified	2014-06-13
plugin id	74954
published	2014-06-13
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/74954
title	openSUSE Security Update : bind (openSUSE-2013-297)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2013-4525.NASL
description	New upstream patch version fixing CVE-2013-2266. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2013-04-07
plugin id	65826
published	2013-04-07
reporter	This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/65826
title	Fedora 18 : bind-9.9.2-10.P2.fc18 (2013-4525)

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2013-176.NASL
description	A denial of service flaw was found in the libdns library. A remote attacker could use this flaw to send a specially crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash. (CVE-2013-2266)
last seen	2020-06-01
modified	2020-06-02
plugin id	69735
published	2013-09-04
reporter	This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/69735
title	Amazon Linux AMI : bind (ALAS-2013-176)

NASL family	OracleVM Local Security Checks
NASL id	ORACLEVM_OVMSA-2020-0021.NASL
description	The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2020-0021 for details.
last seen	2020-06-10
modified	2020-06-05
plugin id	137170
published	2020-06-05
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/137170
title	OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021)

NASL family	Slackware Local Security Checks
NASL id	SLACKWARE_SSA_2013-086-01.NASL
description	New bind packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	65705
published	2013-03-28
reporter	This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/65705
title	Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : bind (SSA:2013-086-01)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-2656.NASL
description	Matthew Horsfall of Dyn, Inc. discovered that BIND, a DNS server, is prone to a denial of service vulnerability. A remote attacker could use this flaw to send a specially crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash.
last seen	2020-03-17
modified	2013-04-01
plugin id	65744
published	2013-04-01
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/65744
title	Debian DSA-2656-1 : bind9 - denial of service

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2013-0689.NASL
description	Updated bind packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the libdns library. A remote attacker could use this flaw to send a specially crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash. (CVE-2013-2266) Note: This update disables the syntax checking of NAPTR (Naming Authority Pointer) resource records. This update also fixes the following bug : * Previously, rebuilding the bind-dyndb-ldap source RPM failed with a
last seen	2020-06-01
modified	2020-06-02
plugin id	67098
published	2013-06-29
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67098
title	CentOS 6 : bind (CESA-2013:0689)

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2013-059.NASL
description	A security issue was identified and fixed in ISC DHCP : libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to cause a denial of service (memory consumption) via vectors involving a regular expression, as demonstrated by a memory-exhaustion attack against a machine running a dhcpd process, a related issue to CVE-2013-2266 (CVE-2013-2494). The updated packages have upgraded to the 4.2.5-P1 version which is not vulnerable to this issue
last seen	2020-06-01
modified	2020-06-02
plugin id	66073
published	2013-04-20
reporter	This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/66073
title	Mandriva Linux Security Advisory : dhcp (MDVSA-2013:059)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2013-303.NASL
description	The ISC dhcp server was updated to fix a denial of service attack via regular expressions : - Removed regex.h check from configure in bind sources (bnc#811934, CVE-2013-2266). Make the bind export library build output visible. [dhcp-4.2.4-P2-no-bind-regex-check.CVE-2013-2266.diff] Also fixed : - Added dhcp6-server service template for SuSEfirewall2 (bnc#783002)
last seen	2020-06-05
modified	2014-06-13
plugin id	74959
published	2014-06-13
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/74959
title	openSUSE Security Update : dhcp (openSUSE-SU-2013:0619-1)

NASL family	OracleVM Local Security Checks
NASL id	ORACLEVM_OVMSA-2017-0066.NASL
description	The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2017-3136 (ISC change 4575) - Fix CVE-2017-3137 (ISC change 4578) - Fix and test caching CNAME before DNAME (ISC change 4558) - Fix CVE-2016-9147 (ISC change 4510) - Fix regression introduced by CVE-2016-8864 (ISC change 4530) - Restore SELinux contexts before named restart - Use /lib or /lib64 only if directory in chroot already exists - Tighten NSS library pattern, escape chroot mount path - Fix (CVE-2016-8864) - Do not change lib permissions in chroot (#1321239) - Support WKS records in chroot (#1297562) - Do not include patch backup in docs (fixes #1325081 patch) - Backported relevant parts of [RT #39567] (#1259923) - Increase ISC_SOCKET_MAXEVENTS to 2048 (#1326283) - Fix multiple realms in nsupdate script like upstream (#1313286) - Fix multiple realm in nsupdate script (#1313286) - Use resolver-query-timeout high enough to recover all forwarders (#1325081) - Fix (CVE-2016-2848) - Fix infinite loop in start_lookup (#1306504) - Fix (CVE-2016-2776)
last seen	2020-06-01
modified	2020-06-02
plugin id	99569
published	2017-04-21
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/99569
title	OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_13031D989BD111E2A7BE8C705AF55518.NASL
description	A flaw in a library used by BIND allows an attacker to deliberately cause excessive memory consumption by the named(8) process. This affects both recursive and authoritative servers.
last seen	2020-06-01
modified	2020-06-02
plugin id	65840
published	2013-04-08
reporter	This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/65840
title	FreeBSD : FreeBSD -- BIND remote denial of service (13031d98-9bd1-11e2-a7be-8c705af55518)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2013-0690.NASL
description	From Red Hat Security Advisory 2013:0690 : Updated bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the libdns library. A remote attacker could use this flaw to send a specially crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash. (CVE-2013-2266) Note: This update disables the syntax checking of NAPTR (Naming Authority Pointer) resource records. All bind97 users are advised to upgrade to these updated packages, which contain a patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
last seen	2020-06-01
modified	2020-06-02
plugin id	68800
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/68800
title	Oracle Linux 5 : bind97 (ELSA-2013-0690)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201401-34.NASL
description	The remote host is affected by the vulnerability described in GLSA-201401-34 (BIND: Denial of Service) Multiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to cause a Denial of Service condition. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	72208
published	2014-01-30
reporter	This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/72208
title	GLSA-201401-34 : BIND: Denial of Service

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2013-0689.NASL
description	From Red Hat Security Advisory 2013:0689 : Updated bind packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the libdns library. A remote attacker could use this flaw to send a specially crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash. (CVE-2013-2266) Note: This update disables the syntax checking of NAPTR (Naming Authority Pointer) resource records. This update also fixes the following bug : * Previously, rebuilding the bind-dyndb-ldap source RPM failed with a
last seen	2020-06-01
modified	2020-06-02
plugin id	68799
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/68799
title	Oracle Linux 6 : bind (ELSA-2013-0689)

NASL family	Slackware Local Security Checks
NASL id	SLACKWARE_SSA_2013-086-02.NASL
description	New dhcp packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	65706
published	2013-03-28
reporter	This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/65706
title	Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : dhcp (SSA:2013-086-02)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20130328_BIND97_ON_SL5_X.NASL
description	A denial of service flaw was found in the libdns library. A remote attacker could use this flaw to send a specially crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash. (CVE-2013-2266) Note: This update disables the syntax checking of NAPTR (Naming Authority Pointer) resource records. After installing the update, the BIND daemon (named) will be restarted automatically.
last seen	2020-03-18
modified	2013-04-01
plugin id	65761
published	2013-04-01
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/65761
title	Scientific Linux Security Update : bind97 on SL5.x i386/x86_64 (20130328)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-1783-1.NASL
description	Matthew Horsfall discovered that Bind incorrectly handled regular expression checking. A remote attacker could use this flaw to cause Bind to consume an excessive amount of memory, possibly resulting in a denial of service. This issue was corrected by disabling RDATA regular expression syntax checking. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	65763
published	2013-04-01
reporter	Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/65763
title	Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : bind9 vulnerability (USN-1783-1)

Oval

accepted

2015-04-20T04:01:31.793-04:00

class

vulnerability

contributors

name Ganesh Manal
organization Hewlett-Packard
name Prashant Kumar
organization Hewlett-Packard
name Mike Cokus
organization The MITRE Corporation

description

family

unix

oval:org.mitre.oval:def:19579

status

accepted

submitted

2013-11-22T11:43:28.000-05:00

title

HP-UX Running BIND, Remote Denial of Service (DoS)

version

Redhat

advisories

bugzilla

id	928439
title	building bind-dyndb-ldap error: dns/rrl.h: No such file or directory

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND

comment bind-chroot is earlier than 32:9.8.2-0.17.rc1.el6_4.4
oval oval:com.redhat.rhsa:tst:20130689001
comment bind-chroot is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20170651008

AND
comment bind-sdb is earlier than 32:9.8.2-0.17.rc1.el6_4.4
oval oval:com.redhat.rhsa:tst:20130689003
comment bind-sdb is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20170651002

AND

comment bind-devel is earlier than 32:9.8.2-0.17.rc1.el6_4.4
oval oval:com.redhat.rhsa:tst:20130689005
comment bind-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20170651004

AND
comment bind is earlier than 32:9.8.2-0.17.rc1.el6_4.4
oval oval:com.redhat.rhsa:tst:20130689007
comment bind is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20170651006

AND

comment bind-utils is earlier than 32:9.8.2-0.17.rc1.el6_4.4
oval oval:com.redhat.rhsa:tst:20130689009
comment bind-utils is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20170651012

AND
comment bind-libs is earlier than 32:9.8.2-0.17.rc1.el6_4.4
oval oval:com.redhat.rhsa:tst:20130689011
comment bind-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20170651010

rhsa

id	RHSA-2013:0689
released	2013-03-28
severity	Important
title	RHSA-2013:0689: bind security and bug fix update (Important)

bugzilla

id	928027
title	CVE-2013-2266 bind: libdns regular expressions excessive resource consumption DoS

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005

AND

comment bind97-chroot is earlier than 32:9.7.0-17.P2.el5_9.1
oval oval:com.redhat.rhsa:tst:20130690001
comment bind97-chroot is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20110845010

AND

comment bind97-devel is earlier than 32:9.7.0-17.P2.el5_9.1
oval oval:com.redhat.rhsa:tst:20130690003
comment bind97-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20110845006

AND
comment bind97 is earlier than 32:9.7.0-17.P2.el5_9.1
oval oval:com.redhat.rhsa:tst:20130690005
comment bind97 is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20110845002
AND
comment bind97-libs is earlier than 32:9.7.0-17.P2.el5_9.1
oval oval:com.redhat.rhsa:tst:20130690007
comment bind97-libs is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20110845008

AND

comment bind97-utils is earlier than 32:9.7.0-17.P2.el5_9.1
oval oval:com.redhat.rhsa:tst:20130690009
comment bind97-utils is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20110845004

rhsa

id	RHSA-2013:0690
released	2013-03-28
severity	Important
title	RHSA-2013:0690: bind97 security update (Important)

rpms

bind-32:9.8.2-0.17.rc1.el6_4.4
bind-chroot-32:9.8.2-0.17.rc1.el6_4.4
bind-debuginfo-32:9.8.2-0.17.rc1.el6_4.4
bind-devel-32:9.8.2-0.17.rc1.el6_4.4
bind-libs-32:9.8.2-0.17.rc1.el6_4.4
bind-sdb-32:9.8.2-0.17.rc1.el6_4.4
bind-utils-32:9.8.2-0.17.rc1.el6_4.4
bind97-32:9.7.0-17.P2.el5_9.1
bind97-chroot-32:9.7.0-17.P2.el5_9.1
bind97-debuginfo-32:9.7.0-17.P2.el5_9.1
bind97-devel-32:9.7.0-17.P2.el5_9.1
bind97-libs-32:9.7.0-17.P2.el5_9.1
bind97-utils-32:9.7.0-17.P2.el5_9.1

Seebug

bulletinFamily	exploit
description	Bugtraq ID:58736 CVE ID:CVE-2013-2266 ISC BIND是一款DNS协议的实现 ISC BIND存在一个安全漏洞，允许远程攻击者利用漏洞发送特制的请求，使目标named服务在处理规则表达式时消耗大量内存，造成系统崩溃。 BIND 9.6.x和10.x不受此漏洞影响。此外此漏洞仅影响unix及相关的操作系统，基于windows的版本不受此漏洞影响。 0 ISC BIND 9.7.x, 9.8.0 -> 9.8.5b1, 9.9.0 -> 9.9.3b1 厂商解决方案 ISC BIND 9.8.4-P2, 9.9.2-P及更改版本已经修复此漏洞，建议用户下载更新： https://www.isc.org/software/bind
id	SSV:60714
last seen	2017-11-19
modified	2013-03-29
published	2013-03-29
reporter	Root
title	ISC BIND 9 'libdns' 远程拒绝服务漏洞(CVE-2013-2266)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Oval

Redhat

Seebug

References