CVE-2013-5661
published 2019-11-05CVE-2013-5661: Cache Poisoning issue exists in DNS Response Rate Limiting.
PriorityP430medium5.9CVSS 3.1
AVNACHPRNUINSUCNIHAN
EPSS
3.45%
87.5th percentile
Cache Poisoning issue exists in DNS Response Rate Limiting.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| isc | bind | 9.8.0 – 9.9.0 | — |
| nic | knot_resolver | < 1.3.0 | 1.3.0 |
| nlnetlabs | nsd | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvdv3.15.9MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
nvdv2.02.6LOWAV:N/AC:H/Au:N/C:N/I:P/A:N
vendor_redhat5.9MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
DNS response rate limiting can simplify cache poisoning attacks
vendor_redhat·2013-09-09·CVSS 5.9
CVE-2013-5661 [MEDIUM] DNS response rate limiting can simplify cache poisoning attacks
DNS response rate limiting can simplify cache poisoning attacks
Cache Poisoning issue exists in DNS Response Rate Limiting.
Statement: Red Hat does not currently plan to change the default value of the slip parameter of the DNS response rate limiting (DNS RRL) feature in bind packages shipped with Red Hat Enterprise Linux. Refer to Red Hat Bugzilla bug 1038750 for additional details.
Package: bind (Red Hat Enterprise Linux 5) - Not affected
Package: bind97 (Red Hat Enterprise Linux 5) - Not affected
Package: bind (Red Hat Enterprise Linux 6) - Will not fix
Package: bind (Red Hat Enterprise Linux 7) - Will not fix
GHSA
GHSA-8ggc-49w3-fh4r: Cache Poisoning issue exists in DNS Response Rate Limiting
ghsa_unreviewed·2022-05-05
CVE-2013-5661 [MEDIUM] CWE-290 GHSA-8ggc-49w3-fh4r: Cache Poisoning issue exists in DNS Response Rate Limiting
Cache Poisoning issue exists in DNS Response Rate Limiting.
No detection rules found.
No public exploits indexed.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5661https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5661https://security-tracker.debian.org/tracker/CVE-2013-5661https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5661https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5661https://security-tracker.debian.org/tracker/CVE-2013-5661
2019-11-05
Published