CVE-2013-6230 — Bind vulnerability

CWE-2646 documents6 sources

Severity

6.8MEDIUMNVD

EPSS

1.1%

top 22.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Bind

Timeline

PublishedNov 8

Latest updateMay 14

Description

The Winsock WSAIoctl API in Microsoft Windows Server 2008, as used in ISC BIND 9.6-ESV before 9.6-ESV-R10-P1, 9.8 before 9.8.6-P1, 9.9 before 9.9.4-P1, 9.9.3-S1, 9.9.4-S1, and other products, does not properly support the SIO_GET_INTERFACE_LIST command for netmask 255.255.255.255, which allows remote attackers to bypass intended IP address restrictions by leveraging misinterpretation of this netmask as a 0.0.0.0 netmask.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDisc/bind13 versions+12

🔴Vulnerability Details

GHSA

GHSA-v9c9-f7pq-rcx4: The Winsock WSAIoctl API in Microsoft Windows Server 2008, as used in ISC BIND 9↗2022-05-14

▶

CVEList

CVE-2013-6230: The Winsock WSAIoctl API in Microsoft Windows Server 2008, as used in ISC BIND 9↗2013-11-08

▶

📋Vendor Advisories

Red Hat

bind: localnets ACL bypass caused by WinSock API bug↗2013-11-06

▶

Debian

CVE-2013-6230: bind9 - The Winsock WSAIoctl API in Microsoft Windows Server 2008, as used in ISC BIND 9...↗2013

▶

💬Community

Bugzilla

CVE-2013-6230 bind: localnets ACL bypass caused by WinSock API bug↗2013-11-07

▶