Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
ISC BIND Winsock API Vulnerability (CVE-2013-6230) - Windows
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
ISC BIND is prone to a vulnerability in the Winsock API.
Insight
Insight
On some Microsoft Windows systems, a network interface that has an 'all ones' IPv4 subnet mask (255.255.255.255) will be incorrectly reported (by the Winsock WSAIoctl API) as an all zeroes value (0.0.0.0). Because interfaces' netmasks are used to compute the broadcast domain for each interface during construction of the built-in 'localnets' ACL, an all zeroes netmask can cause matches on any IPv4 address, permitting unexpected access to any BIND feature configured to allow access to 'localnets'. And unless overridden by a specific value in named.conf, the default permissions for several BIND features (for example, allow-query-cache, allow-query-cache-on, allow-recursion, and others) use this predefined 'localnets' ACL. In addition, non-default access controls and other directives using an address match list with the predefined 'localnets' ACL may not match as expected. This may include rndc 'controls', 'allow-notify', 'allow-query', 'allow-transfer', 'allow-update', 'blackhole', 'filter-aaaa', 'deny-answer-addresses', 'exempt-clients', and other directives if an administrator has specified the 'localnets' ACL in their match lists.
Affected Software
Affected Software
BIND 9.6-ESV through 9.6-ESV-R10, 9.8.0 through 9.8.6, 9.9.0 through 9.9.4, 9.9.3-S1 and 9.9.4-S1 on Windows.
Detection Method
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Solution
Update to version 9.6-ESV-R10-P1, 9.8.6-P1, 9.9.4-P1 or later.