Bug 1027689 (CVE-2013-6230) - CVE-2013-6230 bind: localnets ACL bypass caused by WinSock API bug
Summary: CVE-2013-6230 bind: localnets ACL bypass caused by WinSock API bug
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2013-6230
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-11-07 09:52 UTC by Tomas Hoger
Modified: 2021-02-17 07:12 UTC (History)
6 users (show)

Fixed In Version: bind 9.6-ESV-R10-P1, bind 9.8.6-P1, bind 9.9.4-P1
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-11-07 09:54:43 UTC
Embargoed:


Attachments (Terms of Use)

Description Tomas Hoger 2013-11-07 09:52:36 UTC
ISC published a security advisory for Bind name server:

  https://kb.isc.org/article/AA-01062

  CVE-2013-6230: A Winsock API Bug Can Cause a Side-Effect Affecting BIND ACLs

  A Winsock library call on some Windows systems can return an incorrect
  value for an interface's netmask, potentially causing unexpected matches
  to BIND's built-in "localnets" Access Control List.

  On some Microsoft Windows systems, a network interface that has an "all
  ones" IPv4 subnet mask (255.255.255.255) will be incorrectly reported (by
  the Winsock WSAIoctl API) as an all zeros value (0.0.0.0). Because
  interfaces' netmasks are used to compute the broadcast domain for each
  interface during construction of the built-in "localnets" ACL, an all
  zeroes netmask can cause matches on any IPv4 address, permitting
  unexpected access to any BIND feature configured to allow access to
  "localnets".  And unless overridden by a specific value in named.conf,
  the default permissions for several BIND features (for example,
  allow-query-cache, allow-query-cache-on, allow-recursion, and others) use
  this predefined "localnets" ACL.  

  ...

  Only systems running versions of Microsoft Windows which have the flawed
  winsock call are vulnerable to this defect.  Unix servers are not
  affected.

Following Bind versions contain a fix to workaround the winSock API bug:

  BIND 9 version 9.6-ESV-R10-P1
  BIND 9 version 9.8.6-P1
  BIND 9 version 9.9.4-P1

External References:

https://kb.isc.org/article/AA-01062

Comment 1 Tomas Hoger 2013-11-07 09:54:43 UTC
Statement:

Not vulnerable. This flaw only affected BIND on Microsoft Windows platforms with a flawed WinSock call. This vulnerability does not affect BIND on Linux or Unix platforms.


Note You need to log in before you can comment on or make changes to this bug.