ISC published a security advisory for the BIND name server:

https://kb.isc.org/article/AA-01062

CVE-2013-6230: A Winsock API Bug Can Cause a Side-Effect Affecting BIND ACLs

A Winsock library call on some Windows systems can return an incorrect value for an interface's netmask, potentially causing unexpected matches to BIND's built-in "localnets" Access Control List.

On some Microsoft Windows systems, a network interface that has an "all ones" IPv4 subnet mask (255.255.255.255) will be incorrectly reported (by the Winsock WSAIoctl API) as an all zeros value (0.0.0.0). Because interfaces' netmasks are used to compute the broadcast domain for each interface during construction of the built-in "localnets" ACL, an all zeroes netmask can cause matches on any IPv4 address, permitting unexpected access to any BIND feature configured to allow access to "localnets".

And unless overridden by a specific value in named.conf, the default permissions for several BIND features (for example, allow-query-cache, allow-query-cache-on, allow-recursion, and others) use this predefined "localnets" ACL.

...

Only systems running versions of Microsoft Windows which have the flawed winsock call are vulnerable to this defect. Unix servers are not affected.

The following BIND versions contain a fix to work around the Winsock API bug:

BIND 9 version 9.6-ESV-R10-P1
BIND 9 version 9.8.6-P1
BIND 9 version 9.9.4-P1

External References:

https://kb.isc.org/article/AA-01062
Statement: Not vulnerable. This flaw only affected BIND on Microsoft Windows platforms with a flawed WinSock call. This vulnerability does not affect BIND on Linux or Unix platforms.
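
The effect of the misreported netmask on a "localnets"-style list, as an added example that is not part of the advisory or of BIND's code. It models each ACL entry as the interface address masked by its netmask, which is an assumption made for illustration; the function names and all interface and client addresses are constructed.

```python
import ipaddress

def build_localnets(interfaces):
    """Model of a localnets-style ACL: one network per (address, netmask).

    Assumption: each entry is address AND netmask. strict=False drops the
    host bits so the result is the network the interface sits on.
    """
    return [ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)
            for addr, mask in interfaces]

def acl_matches(acl, client):
    """True if the client address falls inside any network in the ACL."""
    ip = ipaddress.IPv4Address(client)
    return any(ip in net for net in acl)

def flag_zero_masks(interfaces):
    """Return interfaces whose reported mask yields 0.0.0.0/0 (match-all)."""
    return [(addr, mask) for addr, mask in interfaces
            if ipaddress.IPv4Network(f"{addr}/{mask}", strict=False).prefixlen == 0]

# Constructed sample data (documentation address ranges).
# What the interfaces are really configured with:
CONFIGURED = [("192.0.2.10", "255.255.255.0"),
              ("198.51.100.7", "255.255.255.255")]
# What the flawed call reports: the all-ones mask comes back as all zeros.
REPORTED = [("192.0.2.10", "255.255.255.0"),
            ("198.51.100.7", "0.0.0.0")]

OUTSIDE_CLIENT = "203.0.113.50"   # not on either interface's network

if __name__ == "__main__":
    for label, ifaces in (("configured", CONFIGURED), ("reported", REPORTED)):
        acl = build_localnets(ifaces)
        print(label, [str(n) for n in acl],
              "outside client matches:", acl_matches(acl, OUTSIDE_CLIENT),
              "match-all interfaces:", flag_zero_masks(ifaces))
```
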