FreeBSD: dns/bind9* -- Malicious Regex Can Cause Memory Exhaustion (CVE-2013-2266)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | March 28, 2013 | May 08, 2014 | May 08, 2014 |
Description
libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.
References
Solution
freebsd-upgrade-package-bind98
Related Vulnerabilities
- OS X update for Bind (CVE-2013-2266)
- OS X update for Apache (CVE-2013-2266)
- USN-1783-1: Bind vulnerability
- ELSA-2013-0689 Important: Oracle Linux bind security and bug fix update
- Gentoo Linux: CVE-2013-2266: BIND: Denial of Service
- DSA-2656-1 bind9 -- denial of service
- RHSA-2013:0690: bind97 security update
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 5
- HP-UX: CVE-2013-2266: Running BIND, Remote Denial of Service (DoS)
- Amazon Linux AMI: Security patch for bind (ALAS-2013-176) (CVE-2013-2266)
- ISC BIND: A Maliciously Crafted Regular Expression Can Cause Memory Exhaustion in named (CVE-2013-2266)
- FreeBSD: FreeBSD -- BIND remote denial of service (FreeBSD-SA-13:04.bind) (CVE-2013-2266)
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 4
- SUSE Linux Security Vulnerability: CVE-2013-2266
- ELSA-2013-0690 Important: Oracle Linux bind97 security update
- ELSA-2014-0043 Moderate: Oracle Linux bind security update
- Alpine Linux: CVE-2013-2266: Vulnerability in dhcp < 4.2.5-P1 allows remote denial of service
- RHSA-2013:0689: bind security and bug fix update
- ELSA-2014-1244 Moderate: Oracle Linux bind97 security and bug fix update