CVE-2013-3919 - Remote Denial of Service vulnerability in ISC BIND 9.6/9.8.5/9.9.3

CVSS 7.8 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: COMPLETE
Tags: network, low complexity, isc, nessus

Summary

resolver.c in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, and 9.6-ESV-R9 before 9.6-ESV-R9-P1, when a recursive resolver is configured, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a record in a malformed zone.

Vulnerable Configurations

Part          Description   Count
Application   Isc           3

Nessus

  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_SERVER_4_0.NASL
    description: The remote Mac OS X host has a version of OS X Server installed that is prior to version 4.0. It is, therefore, affected by the following vulnerabilities : - There are multiple vulnerabilities within the included BIND, the most serious of which can lead to a denial of service. (CVE-2013-3919, CVE-2013-4854, CVE-2014-0591) - There are multiple vulnerabilities within the included LibYAML for the Profile Manager and ServerRuby, the most serious of which can lead to arbitrary code execution. (CVE-2013-4164, CVE-2013-6393) - There are multiple vulnerabilities within the included PostgreSQL, the most serious of which can lead to arbitrary code execution. (CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066) - An error exists related to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A man-in-the-middle attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. This is also known as the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 78601
    published: 2014-10-21
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/78601
    title: Mac OS X : OS X Server < 4.0 Multiple Vulnerabilities (POODLE)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78601);
      script_version("1.16");
      script_cvs_date("Date: 2019/11/25");
    
      script_cve_id(
        "CVE-2013-3919",
        "CVE-2013-4164",
        "CVE-2013-4854",
        "CVE-2013-6393",
        "CVE-2014-0060",
        "CVE-2014-0061",
        "CVE-2014-0062",
        "CVE-2014-0063",
        "CVE-2014-0064",
        "CVE-2014-0065",
        "CVE-2014-0066",
        "CVE-2014-0591",
        "CVE-2014-3566",
        "CVE-2014-4406",
        "CVE-2014-4424",
        "CVE-2014-4446",
        "CVE-2014-4447"
      );
      script_bugtraq_id(
        60338,
        61479,
        63873,
        64801,
        65258,
        65719,
        65723,
        65724,
        65725,
        65727,
        65728,
        65731,
        69918,
        69935,
        70574
      );
      script_xref(name:"CERT", value:"577193");
      script_xref(name:"APPLE-SA", value:"APPLE-SA-2014-10-16-3");
    
      script_name(english:"Mac OS X : OS X Server < 4.0 Multiple Vulnerabilities (POODLE)");
      script_summary(english:"Checks the OS X Server version.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a security update for OS X Server.");
      script_set_attribute(attribute:"description", value:
    "The remote Mac OS X host has a version of OS X Server installed that
    is prior to version 4.0.  It is, therefore, affected by the following
    vulnerabilities :
    
      - There are multiple vulnerabilities within the included
        BIND, the most serious of which can lead to a denial of
        service. (CVE-2013-3919, CVE-2013-4854, CVE-2014-0591)
    
      - There are multiple vulnerabilities within the included
        LibYAML for the Profile Manager and ServerRuby, the most
        serious of which can lead to arbitrary code execution.
        (CVE-2013-4164, CVE-2013-6393)
    
      - There are multiple vulnerabilities within the included
        PostgreSQL, the most serious of which can lead to
        arbitrary code execution. (CVE-2014-0060, CVE-2014-0061,
        CVE-2014-0062, CVE-2014-0063, CVE-2014-0064,
        CVE-2014-0065, CVE-2014-0066)
    
      - An error exists related to the way SSL 3.0 handles
        padding bytes when decrypting messages encrypted using
        block ciphers in cipher block chaining (CBC) mode. A
        man-in-the-middle attacker can decrypt a selected byte
        of a cipher text in as few as 256 tries if they are able
        to force a victim application to repeatedly send the
        same data over newly created SSL 3.0 connections. This
        is also known as the 'POODLE' issue. (CVE-2014-3566)
    
      - A cross-site scripting flaw exists in the Xcode Server
        due to not properly validating input before returning it
        to the user. This can allow a remote attacker, using a
        specially crafted request, to execute code within the
        browser / server trust relationship. (CVE-2014-4406)
    
      - A SQL injection flaw exists in the Wiki Server due to
        not properly sanitizing user input before using it in
        SQL queries. This can allow a remote attacker, using a
        specially crafted request, to inject or manipulate SQL
        queries, thus allowing the manipulation or disclosure
        of arbitrary data. (CVE-2014-4424)
    
      - A restriction bypass flaw exists in the Mail Server due
        to SCAL changes being cached and not enforced until the
        service had restarted. This can allow an authenticated
        remote attacker to bypass those restrictions.
        (CVE-2014-4446)
    
      - A password disclosure flaw exists in the Profile Manager
        due to passwords being potentially saved to a file when
        editing or setting up a profile. This can allow a local
        attacker to gain access to password information.
        (CVE-2014-4447)");
      script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT6536");
      script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/archive/1/533722/30/0/threaded");
      script_set_attribute(attribute:"see_also", value:"https://www.imperialviolet.org/2014/10/14/poodle.html");
      script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/~bodo/ssl-poodle.pdf");
      script_set_attribute(attribute:"see_also", value:"https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Mac OS X Server version 4.0 or later.
    
    Note that OS X Server 4.0 is available only for OS X 10.10 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-4424");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/10/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/21");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x_server");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_server_services.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "MacOSX/Server/Version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    os = get_kb_item("Host/MacOSX/Version");
    if (!os) audit(AUDIT_OS_NOT, "Mac OS X");
    
    version = get_kb_item_or_exit("MacOSX/Server/Version");
    
    fixed_version = "4.0";
    if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)
    {
      set_kb_item(name:'www/0/SQLInjection', value:TRUE);
      set_kb_item(name:'www/0/XSS', value:TRUE);
    
      if (report_verbosity > 0)
      {
        report =
          '\n  Installed version : ' + version +
          '\n  Fixed version     : ' + fixed_version + 
          '\n';
        security_hole(port:0, extra:report);
      }
      else security_hole(0);
    }
    else audit(AUDIT_INST_VER_NOT_VULN, "OS X Server", version);
    
  • NASL family: DNS
    NASL id: BIND9_993_P1.NASL
    description: According to its self-reported version number, the remote installation of BIND can be forced to crash via a
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 66838
    published: 2013-06-07
    reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/66838
    title: ISC BIND 9 Recursive Resolver Malformed Zone DoS
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(66838);
      script_version("1.8");
      script_cvs_date("Date: 2018/11/15 20:50:21");
    
      script_cve_id("CVE-2013-3919");
      script_bugtraq_id(60338);
    
      script_name(english:"ISC BIND 9 Recursive Resolver Malformed Zone DoS");
      script_summary(english:"Checks version of BIND");
    
      script_set_attribute(attribute:"synopsis", value:"The remote name server is prone to a denial of service attack.");
      script_set_attribute(attribute:"description", value:
    "According to its self-reported version number, the remote installation
    of BIND can be forced to crash via a 'RUNTIME_CHECK' error in
    'resolver.c' caused by specially crafted queries for a record in a
    malformed zone to a recursive resolver. 
    
    Note that Nessus has only relied on the version itself and has not
    attempted to determine whether or not the install is actually
    affected.");
      script_set_attribute(attribute:"see_also", value:"https://kb.isc.org/docs/aa-00967");
      script_set_attribute(attribute:"see_also", value:"http://ftp.isc.org/isc/bind9/9.6-ESV-R9-P1/CHANGES");
      script_set_attribute(attribute:"see_also", value:"http://ftp.isc.org/isc/bind9/9.8.5-P1/CHANGES");
      script_set_attribute(attribute:"see_also", value:"http://ftp.isc.org/isc/bind9/9.9.3-P1/CHANGES");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to BIND version 9.9.3-P1 / 9.8.5-P1 / 9.6-ESV-R9-P1 or later,
    or apply the vendor-supplied patch.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/06/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/06/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/06/07");
    
      script_set_attribute(attribute:"cpe", value:"cpe:/a:isc:bind");
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"DNS");
    
      script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
    
      script_dependencies("bind_version.nasl");
      script_require_keys("bind/version", "Settings/ParanoidReport");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    
    ver = get_kb_item_or_exit("bind/version");
    
    if (report_paranoia < 2) audit(AUDIT_PARANOID);
    
    # Check whether BIND is vulnerable, and recommend an upgrade.
    # Vuln BIND 9.6-ESV-R9, 9.8.5, and 9.9.3 are affected
    fix = NULL;
    
    # Vuln 9.6-ESV-R9
    if (ver =~ "^9\.6-ESV-R9(b[1-2]|rc[1-2])?$")
      fix = '9.6-ESV-R9-P1';
    # Vuln 9.8.5
    else if (ver =~ "^9\.8\.5(b[1-2]|rc[1-2])?$")
      fix = '9.8.5-P1';
    # Vuln 9.9.3
    else if (ver =~ "^9\.9\.3(b[1-2]|rc[1-2])?$")
      fix = '9.9.3-P1';
    else
      audit(AUDIT_LISTEN_NOT_VULN, "BIND", 53, ver, "UDP");
    
    if (report_verbosity > 0)
    {
      report =
        '\n  Installed version : ' + ver +
        '\n  Fixed version     : ' + fix +
        '\n';
      security_hole(port:53, proto:"udp", extra:report);
    }
    else security_hole(port:53, proto:"udp");
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2013-9984.NASL
    description: - update to 9.9.3-P1 (fix for CVE-2013-3919) - update RRL patch to 9.9.3-P1-rl.156.01 - install dns/update.h header Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2013-07-12
    plugin id: 67394
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/67394
    title: Fedora 19 : bind-9.9.3-3.P1.fc19 (2013-9984)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2013-9984.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67394);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_bugtraq_id(60338);
      script_xref(name:"FEDORA", value:"2013-9984");
    
      script_name(english:"Fedora 19 : bind-9.9.3-3.P1.fc19 (2013-9984)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - update to 9.9.3-P1 (fix for CVE-2013-3919)
    
        - update RRL patch to 9.9.3-P1-rl.156.01
    
        - install dns/update.h header
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=709205"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=824219"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=964939"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2013-June/108865.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?02a03f67"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected bind package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:bind");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/06/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC19", reference:"bind-9.9.3-3.P1.fc19")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind");
    }
    
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_72F35727CE8311E2BE04005056A37F68.NASL
    description: ISC reports : A bug has been discovered in the most recent releases of BIND 9 which has the potential for deliberate exploitation as a denial-of-service attack. By sending a recursive resolver a query for a record in a specially malformed zone, an attacker can cause BIND 9 to exit with a fatal
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 66837
    published: 2013-06-07
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/66837
    title: FreeBSD : dns/bind9* -- A recursive resolver can be crashed by a query for a malformed zone (72f35727-ce83-11e2-be04-005056a37f68)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201401-34.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201401-34 (BIND: Denial of Service) Multiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 72208
    published: 2014-01-30
    reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/72208
    title: GLSA-201401-34 : BIND: Denial of Service