Signature Detail

DNS: ISC BIND RDATA Records Handling Denial of Service

This signature detects attempts to exploit a known vulnerability against ISC BIND. A successful attack can result in a denial-of-service condition.

Extended Description

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.

Affected Products

• fedoraproject fedora 18
• fedoraproject fedora 19
• freebsd 8.0
• freebsd 8.1
• freebsd 8.2
• freebsd 8.3
• freebsd 8.4
• freebsd 9.0
• freebsd 9.1 (release-p4)
• freebsd 9.1 (release-p5)
• freebsd 9.2 (prerelease)
• freebsd 9.2 (rc1)
• freebsd 9.2 (rc2)
• hp hp-ux b.11.31
• isc bind 9.7.0a1
• isc bind 9.7.0a2
• isc bind 9.7.0a3
• isc bind 9.7.0b1
• isc bind 9.7.0b2
• isc bind 9.7.0b3
• isc bind 9.7.0 (beta)
• isc bind 9.7.0 (p1)
• isc bind 9.7.0 (p2)
• isc bind 9.7.0 (rc1)
• isc bind 9.7.0 (rc2)
• isc bind 9.7.1b1
• isc bind 9.7.1 (p1)
• isc bind 9.7.1 (p2)
• isc bind 9.7.1 (rc1)
• isc bind 9.7.2 (p1)
• isc bind 9.7.2 (p2)
• isc bind 9.7.2 (p3)
• isc bind 9.7.2 (rc1)
• isc bind 9.7.3 (b1)
• isc bind 9.7.3 (p1)
• isc bind 9.7.3 (rc1)
• isc bind 9.7.4b1
• isc bind 9.7.4 (b1)
• isc bind 9.7.4 (p1)
• isc bind 9.7.4 (rc1)
• isc bind 9.7.5 (b1)
• isc bind 9.7.5 (rc1)
• isc bind 9.7.5 (rc2)
• isc bind 9.7.6 (p1)
• isc bind 9.7.6 (p2)
• isc bind 9.7.7
• isc bind 9.8.0 (a1)
• isc bind 9.8.0 (b1)
• isc bind 9.8.0 (p1)
• isc bind 9.8.0 (p2)
• isc bind 9.8.0 (p4)
• isc bind 9.8.0 (rc1)
• isc bind 9.8.1 (b1)
• isc bind 9.8.1 (b2)
• isc bind 9.8.1 (b3)
• isc bind 9.8.1 (p1)
• isc bind 9.8.1 (rc1)
• isc bind 9.8.2 (b1)
• isc bind 9.8.2 (rc1)
• isc bind 9.8.2 (rc2)
• isc bind 9.8.3 (p1)
• isc bind 9.8.3 (p2)
• isc bind 9.8.4
• isc bind 9.8.5 (b1)
• isc bind 9.8.5 (b2)
• isc bind 9.8.5 (p1)
• isc bind 9.8.5 (rc1)
• isc bind 9.8.5 (rc2)
• isc bind 9.8.6 (b1)
• isc bind 9.9.0 (a1)
• isc bind 9.9.0 (a2)
• isc bind 9.9.0 (a3)
• isc bind 9.9.0 (b1)
• isc bind 9.9.0 (b2)
• isc bind 9.9.0 (rc1)
• isc bind 9.9.0 (rc2)
• isc bind 9.9.0 (rc3)
• isc bind 9.9.0 (rc4)
• isc bind 9.9.1 (p1)
• isc bind 9.9.1 (p2)
• isc bind 9.9.2
• isc bind 9.9.3 (b1)
• isc bind 9.9.3 (b2)
• isc bind 9.9.3 (p1)
• isc bind 9.9.3 (rc1)
• isc bind 9.9.3 (rc2)
• isc dnsco_bind 9.9.3 (s1)
• isc dnsco_bind 9.9.4 (s1b1)
• mandriva business_server 1.0
• mandriva enterprise_server 5.0
• novell opensuse 11.4
• novell suse_linux 11 (:server)
• novell suse_linux_software_development_kit 11.0 (sp2:enterprise)
• novell suse_linux_software_development_kit 11.0 (sp3:enterprise)
• redhat enterprise_linux 5
• redhat enterprise_linux 6
• slackware slackware_linux 12.1
• slackware slackware_linux 12.2
• slackware slackware_linux 13.0
• slackware slackware_linux 13.1
• slackware slackware_linux 13.37

References

• BugTraq: 61479
• CVE: CVE-2013-4854