Bug 1027689 - (CVE-2013-6230) CVE-2013-6230 bind: localnets ACL bypass caused by WinSock API bug
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Red Hat Product Security
impact=moderate,public=20131106,repor...
Keywords: Security
Reported: 2013-11-07 04:52 EST by Tomas Hoger
Modified: 2013-11-07 04:54 EST
Fixed In Version: bind 9.6-ESV-R10-P1, bind 9.8.6-P1, bind 9.9.4-P1
Doc Type: Bug Fix
Last Closed: 2013-11-07 04:54:43 EST

Description Tomas Hoger 2013-11-07 04:52:36 EST
ISC published a security advisory for the BIND name server:

  https://kb.isc.org/article/AA-01062

  CVE-2013-6230: A Winsock API Bug Can Cause a Side-Effect Affecting BIND ACLs

  A Winsock library call on some Windows systems can return an incorrect
  value for an interface's netmask, potentially causing unexpected matches
  to BIND's built-in "localnets" Access Control List.

  On some Microsoft Windows systems, a network interface that has an "all
  ones" IPv4 subnet mask (255.255.255.255) will be incorrectly reported (by
  the Winsock WSAIoctl API) as an all zeros value (0.0.0.0). Because
  interfaces' netmasks are used to compute the broadcast domain for each
  interface during construction of the built-in "localnets" ACL, an all
  zeroes netmask can cause matches on any IPv4 address, permitting
  unexpected access to any BIND feature configured to allow access to
  "localnets".  And unless overridden by a specific value in named.conf,
  the default permissions for several BIND features (for example,
  allow-query-cache, allow-query-cache-on, allow-recursion, and others) use
  this predefined "localnets" ACL.  

  ...

  Only systems running versions of Microsoft Windows which have the flawed
  winsock call are vulnerable to this defect.  Unix servers are not
  affected.

The following BIND versions contain a fix to work around the WinSock API bug:

  BIND 9 version 9.6-ESV-R10-P1
  BIND 9 version 9.8.6-P1
  BIND 9 version 9.9.4-P1

External References:

https://kb.isc.org/article/AA-01062
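
The netmask arithmetic described in the advisory text above, as an added example that is not part of the original bug report and is not BIND's code. The interface list is constructed sample data, the function names are hypothetical, and flagging zero-mask interfaces is one possible sanity check, not a description of the ISC fix.

```python
import ipaddress

# Constructed sample data: (interface address, netmask as reported by the OS).
# The second entry models an interface configured with 255.255.255.255 whose
# mask is reported as 0.0.0.0, the condition the advisory describes.
REPORTED_IFACES = [
    ("192.0.2.10", "255.255.255.0"),
    ("198.51.100.7", "0.0.0.0"),
]


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def in_localnets(client, ifaces):
    """True if client falls in the network of any (address, netmask) pair."""
    c = _to_int(client)
    for addr, mask in ifaces:
        m = _to_int(mask)
        # With m == 0 both sides are 0, so every IPv4 client matches.
        if (c & m) == (_to_int(addr) & m):
            return True
    return False


def zero_mask_ifaces(ifaces):
    """Hypothetical sanity check: interfaces whose reported mask is 0.0.0.0."""
    return [(addr, mask) for addr, mask in ifaces if _to_int(mask) == 0]


def without_zero_masks(ifaces):
    """Interface list with zero-mask entries dropped before building the ACL."""
    bad = set(zero_mask_ifaces(ifaces))
    return [i for i in ifaces if i not in bad]


if __name__ == "__main__":
    outsider = "203.0.113.50"  # constructed address on none of the local networks
    print("flagged:", zero_mask_ifaces(REPORTED_IFACES))
    print("match as reported:", in_localnets(outsider, REPORTED_IFACES))
    print("match after check:",
          in_localnets(outsider, without_zero_masks(REPORTED_IFACES)))
```

Dropping a flagged entry also removes that interface's own address from the resulting list, so the flag is a prompt to inspect the interface configuration rather than a complete remedy.
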
Comment 1 Tomas Hoger 2013-11-07 04:54:43 EST
Statement:

Not vulnerable. This flaw only affected BIND on Microsoft Windows platforms with a flawed WinSock call. This vulnerability does not affect BIND on Linux or Unix platforms.
