
SANS ISC: InfoSec Handlers Diary Blog



BIND 9 Update fixing CVE-2013-3919

Published: 2013-06-05
Last Updated: 2013-06-05 22:00:12 UTC
by Richard Porter (Version: 1)
Today BIND9 received an update fixing a "recursive resolver with a RUNTIME_CHECK error in resolver.c" [1]. Affected versions are BIND 9.6-ESV-R9, 9.8.5, and 9.9.3. The CVSS score for this one is 7.8 [1,2].
 
To quote isc.org:
 
"At the time of this advisory no intentional exploitation of this bug has been observed in the wild. However, the existence of the issue has been disclosed on an open mailing list with enough accompanying detail to reverse engineer an attack and ISC is therefore treating this as a Type II (publicly disclosed) vulnerability, in accordance with our Phased Disclosure Process."
 
It is time to review those BIND9 servers and start the process of patching.
 
[1] https://kb.isc.org/article/AA-00967
[2] http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Richard Porter

--- ISC Handler on Duty

Keywords: bind9 ddos dns dos patch