SB2013040102 - Buffer overflow in bind (Alpine package)
Published: April 1, 2013
Security Bulletin ID
SB2013040102
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2013-2266)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=0c5e0d00df59b2541ef41d9f3e71c027a90f133f
- https://git.alpinelinux.org/aports/commit/?id=9b0b82c823658f1d013745367024b3738cb6dde5
- https://git.alpinelinux.org/aports/commit/?id=a0bc4b15b88992e54c16e8525b60c7f9cf85103f
- https://git.alpinelinux.org/aports/commit/?id=a6af71174ca370366c6e103f464a26bbc117d621
- https://git.alpinelinux.org/aports/commit/?id=17f105dd292281d4e6fb5176e4a0f4d1685c6ac3
- https://git.alpinelinux.org/aports/commit/?id=7f993b4a85561913269fcb1ff3c9958b7f77e03a
- https://git.alpinelinux.org/aports/commit/?id=553c4c1c782e1a41aef14bd549565cc9f4ce1af8