Description

libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.

References

• APPLE-APPLE-SA-2013-09-12-1
• CVE-2013-2266
• DEBIAN-DSA-2656
• OVAL-OVAL19579
• REDHAT-RHSA-2013:0689
• REDHAT-RHSA-2013:0690

Solution

Related Vulnerabilities

• OS X update for Bind (CVE-2013-2266)
• OS X update for Apache (CVE-2013-2266)
• USN-1783-1: Bind vulnerability
• ELSA-2013-0689 Important: Oracle Linux bind security and bug fix update
• Gentoo Linux: CVE-2013-2266: BIND: Denial of Service
• DSA-2656-1 bind9 -- denial of service
• RHSA-2013:0690: bind97 security update
• Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 5
• HP-UX: CVE-2013-2266: Running BIND, Remote Denial of Service (DoS)
• Amazon Linux AMI: Security patch for bind (ALAS-2013-176) (CVE-2013-2266)
• ISC BIND: A Maliciously Crafted Regular Expression Can Cause Memory Exhaustion in named (CVE-2013-2266)
• FreeBSD: FreeBSD -- BIND remote denial of service (FreeBSD-SA-13:04.bind) (CVE-2013-2266)
• Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 4
• SUSE Linux Security Vulnerability: CVE-2013-2266
• ELSA-2013-0690 Important: Oracle Linux bind97 security update
• ELSA-2014-0043 Moderate: Oracle Linux bind security update
• Alpine Linux: CVE-2013-2266: Vulnerability in dhcp < 4.2.5-P1 allows remote denial of service
• RHSA-2013:0689: bind security and bug fix update
• ELSA-2014-1244 Moderate: Oracle Linux bind97 security and bug fix update