The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x prior to 9.8.5-P2, 9.8.6b1, 9.9.x prior to 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 prior to 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote malicious users to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
isc bind 9.7.0 |
||
isc bind 9.7.1 |
||
isc bind 9.7.2 |
||
isc bind 9.7.3 |
||
isc bind 9.7.5 |
||
isc bind 9.7.6 |
||
isc bind 9.7.4 |
||
isc bind 9.7.7 |
||
suse suse linux enterprise software development kit 11.0 |
||
novell suse linux 11 |
||
isc dnsco bind 9.9.3 |
||
isc dnsco bind 9.9.4 |
||
opensuse opensuse 11.4 |
||
isc bind 9.9.3 |
||
isc bind 9.9.0 |
||
isc bind 9.9.1 |
||
isc bind 9.9.2 |
||
freebsd freebsd 9.1 |
||
freebsd freebsd 8.3 |
||
freebsd freebsd 8.4 |
||
freebsd freebsd 9.2 |
||
freebsd freebsd 8.0 |
||
freebsd freebsd 8.1 |
||
freebsd freebsd 8.2 |
||
freebsd freebsd 9.0 |
||
mandriva enterprise server 5.0 |
||
mandriva business server 1.0 |
||
redhat enterprise linux 5 |
||
redhat enterprise linux 6.0 |
||
isc bind 9.8.5 |
||
isc bind 9.8.0 |
||
isc bind 9.8.3 |
||
isc bind 9.8.2 |
||
isc bind 9.8.1 |
||
isc bind 9.8.6 |
||
isc bind 9.8.4 |
||
fedoraproject fedora 18 |
||
fedoraproject fedora 19 |
||
hp hp-ux b.11.31 |
||
slackware slackware linux 13.1 |
||
slackware slackware linux 13.0 |
||
slackware slackware linux 13.37 |
||
slackware slackware linux 12.2 |
||
slackware slackware linux 12.1 |