7.8 - CVE-2013-2266

Executive Summary

Informations
Name	CVE-2013-2266	First vendor Publication	2013-03-28
Vendor	Cve	Last vendor Modification	2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score	7.8	Attack Range	Network
Cvss Impact Score	6.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:18255

Oval ID:	oval:org.mitre.oval:def:18255
Title:	USN-1783-1 -- bind9 vulnerability
Description:	Bind could be made to consume memory or crash if it received specially crafted network traffic.
Family:	unix	Class:	patch
Reference(s):	USN-1783-1 CVE-2013-2266	Version:	5
Platform(s):	Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04	Product(s):	bind9
Definition Synopsis:
Release section Ubuntu 12.10 is installed Packages match section bind9 DPKG is earlier than 1:9.8.1.dfsg.P1-4.2ubuntu3.2 AND libdns81 DPKG is earlier than 1:9.8.1.dfsg.P1-4.2ubuntu3.2 AND Release section Ubuntu 12.04 is installed Packages match section bind9 DPKG is earlier than 1:9.8.1.dfsg.P1-4ubuntu0.6 AND libdns81 DPKG is earlier than 1:9.8.1.dfsg.P1-4ubuntu0.6 AND Release section Ubuntu 11.10 is installed Packages match section bind9 DPKG is earlier than 1:9.7.3.dfsg-1ubuntu4.6 AND libdns69 DPKG is earlier than 1:9.7.3.dfsg-1ubuntu4.6 AND Release section Ubuntu 10.04 is installed Packages match section bind9 DPKG is earlier than 1:9.7.0.dfsg.P1-1ubuntu0.9 AND libdns64 DPKG is earlier than 1:9.7.0.dfsg.P1-1ubuntu0.9

Definition Id: oval:org.mitre.oval:def:19159

Oval ID:	oval:org.mitre.oval:def:19159
Title:	DSA-2656-1 bind9 - denial of service
Description:	Matthew Horsfall of Dyn, Inc. discovered that BIND, a DNS server, is prone to a denial of service vulnerability. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash.
Family:	unix	Class:	patch
Reference(s):	DSA-2656-1 CVE-2013-2266	Version:	5
Platform(s):	Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0	Product(s):	bind9
Definition Synopsis:
Debian 6.0 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND bind9 DPKG is earlier than 1:9.7.3.dfsg-1~squeeze10

Definition Id: oval:org.mitre.oval:def:19579

Oval ID:	oval:org.mitre.oval:def:19579
Title:	HP-UX Running BIND, Remote Denial of Service (DoS)
Description:	libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2013-2266	Version:	9
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
HP-UX B.11.31 AND filesets test For BIND 9.7.3 version is less than C.9.7.3.2.0 AND NameService.BIND-AUX version is less than C.9.7.3.2.0 AND NameService.BIND-RUN version is less than C.9.7.3.2.0

Definition Id: oval:org.mitre.oval:def:20435

Oval ID:	oval:org.mitre.oval:def:20435
Title:	RHSA-2013:0689: bind security and bug fix update (Important)
Description:	libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.
Family:	unix	Class:	patch
Reference(s):	RHSA-2013:0689-01 CESA-2013:0689 CVE-2013-2266	Version:	4
Platform(s):	Red Hat Enterprise Linux 6 CentOS Linux 6	Product(s):	bind
Definition Synopsis:
Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND CentOS Linux 6.x Packages section bind is earlier than 32:9.8.2-0.17.rc1.el6_4.4 AND bind-chroot is earlier than 32:9.8.2-0.17.rc1.el6_4.4 AND bind-sdb is earlier than 32:9.8.2-0.17.rc1.el6_4.4 AND bind-libs is earlier than 32:9.8.2-0.17.rc1.el6_4.4 AND bind-utils is earlier than 32:9.8.2-0.17.rc1.el6_4.4 AND bind-devel is earlier than 32:9.8.2-0.17.rc1.el6_4.4

Definition Id: oval:org.mitre.oval:def:20851

Oval ID:	oval:org.mitre.oval:def:20851
Title:	RHSA-2013:0690: bind97 security update (Important)
Description:	libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.
Family:	unix	Class:	patch
Reference(s):	RHSA-2013:0690-00 CESA-2013:0690 CVE-2013-2266	Version:	4
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	bind97
Definition Synopsis:
Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x Packages section bind97-utils is earlier than 32:9.7.0-17.P2.el5_9.1 AND bind97 is earlier than 32:9.7.0-17.P2.el5_9.1 AND bind97-libs is earlier than 32:9.7.0-17.P2.el5_9.1 AND bind97-chroot is earlier than 32:9.7.0-17.P2.el5_9.1 AND bind97-devel is earlier than 32:9.7.0-17.P2.el5_9.1

Definition Id: oval:org.mitre.oval:def:23024

Oval ID:	oval:org.mitre.oval:def:23024
Title:	ELSA-2013:0690: bind97 security update (Important)
Description:	libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.
Family:	unix	Class:	patch
Reference(s):	ELSA-2013:0690-00 CVE-2013-2266	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	bind97
Definition Synopsis:
Oracle Linux 5.x rpm test bind97-utils is earlier than 32:9.7.0-17.P2.el5_9.1 AND bind97 is earlier than 32:9.7.0-17.P2.el5_9.1 AND bind97-libs is earlier than 32:9.7.0-17.P2.el5_9.1 AND bind97-chroot is earlier than 32:9.7.0-17.P2.el5_9.1 AND bind97-devel is earlier than 32:9.7.0-17.P2.el5_9.1

Definition Id: oval:org.mitre.oval:def:24052

Oval ID:	oval:org.mitre.oval:def:24052
Title:	ELSA-2013:0689: bind security and bug fix update (Important)
Description:	libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.
Family:	unix	Class:	patch
Reference(s):	ELSA-2013:0689-01 CVE-2013-2266	Version:	6
Platform(s):	Oracle Linux 6	Product(s):	bind
Definition Synopsis:
Oracle Linux 6.x rpm test bind is earlier than 32:9.8.2-0.17.rc1.el6_4.4 AND bind-chroot is earlier than 32:9.8.2-0.17.rc1.el6_4.4 AND bind-sdb is earlier than 32:9.8.2-0.17.rc1.el6_4.4 AND bind-libs is earlier than 32:9.8.2-0.17.rc1.el6_4.4 AND bind-utils is earlier than 32:9.8.2-0.17.rc1.el6_4.4 AND bind-devel is earlier than 32:9.8.2-0.17.rc1.el6_4.4

Definition Id: oval:org.mitre.oval:def:25966

Oval ID:	oval:org.mitre.oval:def:25966
Title:	SUSE-SU-2013:0696-1 -- Security update for dhcp
Description:	The ISC DHCP server had a denial of service issue in handling specific DDNS requests which could cause a out of memory usage situation. (CVE-2013-2266) This update also adds a dhcp6-server service template for SuSEfirewall2 (bnc#783002) Security Issues: * CVE-2013-2266 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266 >
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2013:0696-1 CVE-2013-2266	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11	Product(s):	dhcp
Definition Synopsis:
SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise Desktop 11 release section Operation system section SUSE Linux Enterprise Server 11.x is installed AND SUSE Linux Enterprise Desktop 11.x is installed Packages match section dhcp RPM is earlier than 0:4.2.4.P2-0.11.13.1 AND dhcp-client RPM is earlier than 0:4.2.4.P2-0.11.13.1 AND SUSE Linux Enterprise Server 11 release section SUSE Linux Enterprise Server 11.x is installed Packages match section dhcp-relay RPM is earlier than 0:4.2.4.P2-0.11.13.1 AND dhcp-server RPM is earlier than 0:4.2.4.P2-0.11.13.1

Definition Id: oval:org.mitre.oval:def:26970

Oval ID:	oval:org.mitre.oval:def:26970
Title:	ELSA-2014-1244 -- bind97 security and bug fix update (Moderate)
Description:	The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. It contains a DNS server (named), a resolver library with routines for applications to use when interfacing with DNS, and tools for verifying that the DNS server is operating correctly. These packages contain version 9.7 of the BIND suite. A denial of service flaw was found in the way BIND handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NCES3-signed zones by sending a specially crafted query, which, when processed, would cause named to crash. (CVE-2014-0591) Note: The CVE-2014-0591 issue does not directly affect the version of bind97 shipped in Red Hat Enterprise Linux 5. This issue is being addressed however to assure it is not introduced in future builds of bind97 (possibly built with a different compiler or C library optimization). This update also fixes the following bug: * Previously, the bind97 initscript did not check for the existence of the ROOTDIR variable when shutting down the named daemon. As a consequence, some parts of the file system that are mounted when using bind97 in a chroot environment were unmounted on daemon shut down, even if bind97 was not running in a chroot environment. With this update, the initscript has been fixed to check for the existence of the ROOTDIR variable when unmounting some parts of the file system on named daemon shut down. Now, when shutting down bind97 that is not running in a chroot environment, no parts of the file system are unmounted. (BZ#1059118) All bind97 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, the BIND daemon (named) will be restarted automatically.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-1244 CVE-2014-0591 CVE-2013-4854 CVE-2013-2266	Version:	5
Platform(s):	Oracle Linux 5	Product(s):	bind97
Definition Synopsis:
Oracle Linux 5.x Packages match section bind97 RPM is earlier than 32:9.7.0-21.P2.el5 AND bind97-chroot RPM is earlier than 32:9.7.0-21.P2.el5 AND bind97-devel RPM is earlier than 32:9.7.0-21.P2.el5 AND bind97-libs RPM is earlier than 32:9.7.0-21.P2.el5 AND bind97-utils RPM is earlier than 32:9.7.0-21.P2.el5

Definition Id: oval:org.mitre.oval:def:27538

Oval ID:	oval:org.mitre.oval:def:27538
Title:	DEPRECATED: ELSA-2013-0690 -- bind97 security update (important)
Description:	[32:9.7.0-17.P2.1] - fix CVE-2013-2266
Family:	unix	Class:	patch
Reference(s):	ELSA-2013-0690 CVE-2013-2266	Version:	4
Platform(s):	Oracle Linux 5	Product(s):	bind97
Definition Synopsis:
Oracle Linux 5.x Packages match section bind97 is earlier than 0:9.7.0-17.P2.el5_9.1 AND bind97-chroot is earlier than 0:9.7.0-17.P2.el5_9.1 AND bind97-devel is earlier than 0:9.7.0-17.P2.el5_9.1 AND bind97-libs is earlier than 0:9.7.0-17.P2.el5_9.1 AND bind97-utils is earlier than 0:9.7.0-17.P2.el5_9.1

Definition Id: oval:org.mitre.oval:def:27642

Oval ID:	oval:org.mitre.oval:def:27642
Title:	DEPRECATED: ELSA-2013-0689 -- bind security and bug fix update (important)
Description:	[ 32:9.8.2-0.17.rc1.0.2.el6_4.4] - bump release and build for ULN
Family:	unix	Class:	patch
Reference(s):	ELSA-2013-0689 CVE-2013-2266	Version:	4
Platform(s):	Oracle Linux 6	Product(s):	bind
Definition Synopsis:
Oracle Linux 6.x Packages match section bind is earlier than 0:9.8.2-0.17.rc1.0.2.el6_4.4 AND bind-chroot is earlier than 0:9.8.2-0.17.rc1.0.2.el6_4.4 AND bind-devel is earlier than 0:9.8.2-0.17.rc1.0.2.el6_4.4 AND bind-libs is earlier than 0:9.8.2-0.17.rc1.0.2.el6_4.4 AND bind-sdb is earlier than 0:9.8.2-0.17.rc1.0.2.el6_4.4 AND bind-utils is earlier than 0:9.8.2-0.17.rc1.0.2.el6_4.4

CPE : Common Platform Enumeration

Type	Description	Count
Application	Isc Bind cpe:2.3:a:isc:bind:9.9.3:b1:::::: cpe:2.3:a:isc:bind:9.9.3:::::::* cpe:2.3:a:isc:bind:9.9.2:::::::* cpe:2.3:a:isc:bind:9.9.1:p1:::::: cpe:2.3:a:isc:bind:9.9.1:p2:::::: cpe:2.3:a:isc:bind:9.9.1:::::::* cpe:2.3:a:isc:bind:9.9.0:a2:::::: cpe:2.3:a:isc:bind:9.9.0:rc1:::::: cpe:2.3:a:isc:bind:9.9.0:rc4:::::: cpe:2.3:a:isc:bind:9.9.0:b2:::::: cpe:2.3:a:isc:bind:9.9.0:rc2:::::: cpe:2.3:a:isc:bind:9.9.0:a3:::::: cpe:2.3:a:isc:bind:9.9.0:a1:::::: cpe:2.3:a:isc:bind:9.9.0:rc3:::::: cpe:2.3:a:isc:bind:9.9.0:::::::* cpe:2.3:a:isc:bind:9.9.0:b1:::::: cpe:2.3:a:isc:bind:9.8.5:b1:::-:::* cpe:2.3:a:isc:bind:9.8.5::::-::: cpe:2.3:a:isc:bind:9.8.4::::-::: cpe:2.3:a:isc:bind:9.8.3::::-::: cpe:2.3:a:isc:bind:9.8.3:p2:::-:::* cpe:2.3:a:isc:bind:9.8.3:p1:::-:::* cpe:2.3:a:isc:bind:9.8.2:b1:::-:::* cpe:2.3:a:isc:bind:9.8.2:rc2:::-:::* cpe:2.3:a:isc:bind:9.8.2:rc1:::-:::* cpe:2.3:a:isc:bind:9.8.1:b3:::-:::* cpe:2.3:a:isc:bind:9.8.1:b1:::-:::* cpe:2.3:a:isc:bind:9.8.1:b2:::-:::* cpe:2.3:a:isc:bind:9.8.1::::-::: cpe:2.3:a:isc:bind:9.8.1:rc1:::-:::* cpe:2.3:a:isc:bind:9.8.1:p1:::-:::* cpe:2.3:a:isc:bind:9.8.0::::-::: cpe:2.3:a:isc:bind:9.8.0:p4:::-:::* cpe:2.3:a:isc:bind:9.8.0:rc1:::-:::* cpe:2.3:a:isc:bind:9.8.0:a1:::-:::* cpe:2.3:a:isc:bind:9.8.0:b1:::-:::* cpe:2.3:a:isc:bind:9.8.0:p2:::-:::* cpe:2.3:a:isc:bind:9.8.0:p1:::-:::* cpe:2.3:a:isc:bind:9.7.6:p1:::-:::* cpe:2.3:a:isc:bind:9.7.6::::-::: cpe:2.3:a:isc:bind:9.7.6:p2:::-:::* cpe:2.3:a:isc:bind:9.7.5:b1:::-:::* cpe:2.3:a:isc:bind:9.7.5:rc1:::-:::* cpe:2.3:a:isc:bind:9.7.5:rc2:::-:::* cpe:2.3:a:isc:bind:9.7.5::::-::: cpe:2.3:a:isc:bind:9.7.4::::-::: cpe:2.3:a:isc:bind:9.7.4:b1:::-:::* cpe:2.3:a:isc:bind:9.7.4:rc1:::-:::* cpe:2.3:a:isc:bind:9.7.4:p1:::-:::* cpe:2.3:a:isc:bind:9.7.3:p1:::-:::* cpe:2.3:a:isc:bind:9.7.3::::-::: cpe:2.3:a:isc:bind:9.7.3:rc1:::-:::* cpe:2.3:a:isc:bind:9.7.3:b1:::-:::* cpe:2.3:a:isc:bind:9.7.2:rc1:::-:::* cpe:2.3:a:isc:bind:9.7.2:p3:::-:::* cpe:2.3:a:isc:bind:9.7.2::::-::: cpe:2.3:a:isc:bind:9.7.2:p1:::-:::* cpe:2.3:a:isc:bind:9.7.2:p2:::-:::* cpe:2.3:a:isc:bind:9.7.1::::-::: cpe:2.3:a:isc:bind:9.7.1:p2:::-:::* cpe:2.3:a:isc:bind:9.7.1:p1:::-:::* cpe:2.3:a:isc:bind:9.7.1:rc1:::-:::* cpe:2.3:a:isc:bind:9.7.0:p2:::-:::* cpe:2.3:a:isc:bind:9.7.0::::-::: cpe:2.3:a:isc:bind:9.7.0:rc1:::-:::* cpe:2.3:a:isc:bind:9.7.0:rc2:::-:::* cpe:2.3:a:isc:bind:9.7.0:p1:::-:::* cpe:2.3:a:isc:bind:9.7.0:b1:::-:::*	68

Information Assurance Vulnerability Management (IAVM)

Date	Description
2013-09-19	IAVM : 2013-A-0179 - Apple Mac OS X Security Update 2013-004 Severity : Category I - VMSKEY : V0040373

Snort® IPS/IDS

Date	Description
2014-03-27	ISC libdns client NAPTR record regular expression handling denial of service ... RuleID : 29935 - Revision : 2 - Type : PROTOCOL-DNS
2014-01-10	ISC libdns client NAPTR record regular expression handling denial of service ... RuleID : 26427 - Revision : 4 - Type : PROTOCOL-DNS
2014-01-10	ISC BIND NAPTR record regular expression handling denial of service attempt RuleID : 26324 - Revision : 6 - Type : PROTOCOL-DNS

Nessus® Vulnerability Scanner

Date	Description
2017-04-21	Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2017-0066.nasl - Type : ACT_GATHER_INFO
2014-12-26	Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2014-0084.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2013-0746.nasl - Type : ACT_GATHER_INFO
2014-10-10	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL14386.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-303.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-302.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-297.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-296.nasl - Type : ACT_GATHER_INFO
2014-01-30	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201401-34.nasl - Type : ACT_GATHER_INFO
2013-09-13	Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_10_8_5.nasl - Type : ACT_GATHER_INFO
2013-09-13	Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2013-004.nasl - Type : ACT_GATHER_INFO
2013-09-04	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-176.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0689.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0690.nasl - Type : ACT_GATHER_INFO
2013-06-29	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0689.nasl - Type : ACT_GATHER_INFO
2013-04-20	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-059.nasl - Type : ACT_GATHER_INFO
2013-04-20	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-058.nasl - Type : ACT_GATHER_INFO
2013-04-18	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_dhcp-130327.nasl - Type : ACT_GATHER_INFO
2013-04-08	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_7a282e4995b611e284330800273fe665.nasl - Type : ACT_GATHER_INFO
2013-04-08	Name : The remote Fedora host is missing a security update. File : fedora_2013-4533.nasl - Type : ACT_GATHER_INFO
2013-04-08	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_13031d989bd111e2a7be8c705af55518.nasl - Type : ACT_GATHER_INFO
2013-04-07	Name : The remote Fedora host is missing a security update. File : fedora_2013-4525.nasl - Type : ACT_GATHER_INFO
2013-04-01	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1783-1.nasl - Type : ACT_GATHER_INFO
2013-04-01	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2656.nasl - Type : ACT_GATHER_INFO
2013-04-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130328_bind_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-04-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130328_bind97_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-03-29	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0690.nasl - Type : ACT_GATHER_INFO
2013-03-29	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0689.nasl - Type : ACT_GATHER_INFO
2013-03-29	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0690.nasl - Type : ACT_GATHER_INFO
2013-03-29	Name : The remote name server is prone to a denial of service attack. File : bind9_992_p2.nasl - Type : ACT_GATHER_INFO
2013-03-28	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2013-086-01.nasl - Type : ACT_GATHER_INFO
2013-03-28	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2013-086-02.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://linux.oracle.com/errata/ELSA-2014-1244
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101500.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101603.html
http://marc.info/?l=bugtraq&m=136804614120794&w=2
http://marc.info/?l=bugtraq&m=136804614120794&w=2
http://rhn.redhat.com/errata/RHSA-2013-0689.html
http://rhn.redhat.com/errata/RHSA-2013-0690.html
http://support.apple.com/kb/HT5880
http://www.debian.org/security/2013/dsa-2656
http://www.isc.org/software/bind/advisories/cve-2013-2266
http://www.securityfocus.com/bid/58736
http://www.ubuntu.com/usn/USN-1783-1
https://kb.isc.org/article/AA-00871/
https://kb.isc.org/article/AA-00879/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-28 12:34:44	Multiple Updates
2024-08-02 12:23:36	Multiple Updates
2024-08-02 01:07:00	Multiple Updates
2024-02-02 01:22:56	Multiple Updates
2024-02-01 12:06:48	Multiple Updates
2023-09-05 12:21:40	Multiple Updates
2023-09-05 01:06:41	Multiple Updates
2023-09-02 12:21:41	Multiple Updates
2023-09-02 01:06:47	Multiple Updates
2023-08-22 12:19:24	Multiple Updates
2022-10-11 01:06:28	Multiple Updates
2021-05-04 12:25:01	Multiple Updates
2021-04-22 01:29:58	Multiple Updates
2020-05-23 00:36:56	Multiple Updates
2018-10-31 00:20:31	Multiple Updates
2017-09-19 09:25:57	Multiple Updates
2017-04-22 13:25:52	Multiple Updates
2017-01-07 09:25:12	Multiple Updates
2016-06-28 19:28:56	Multiple Updates
2016-04-26 23:06:23	Multiple Updates
2014-12-27 13:24:59	Multiple Updates
2014-11-08 13:30:50	Multiple Updates
2014-10-11 13:26:17	Multiple Updates
2014-06-14 13:35:27	Multiple Updates
2014-03-27 21:20:54	Multiple Updates
2014-02-17 11:19:19	Multiple Updates
2014-01-19 21:29:18	Multiple Updates
2013-12-05 17:20:04	Multiple Updates
2013-11-23 00:22:09	Multiple Updates
2013-11-19 13:31:57	Multiple Updates
2013-11-11 12:40:23	Multiple Updates
2013-09-18 13:19:52	Multiple Updates
2013-06-05 13:20:22	Multiple Updates
2013-05-10 22:30:14	Multiple Updates
2013-04-11 13:21:08	Multiple Updates
2013-04-01 21:18:43	Multiple Updates
2013-03-28 21:18:34	First insertion

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	11
CPE ID(s)	68
Sources(s)	16
IAVM(s)	1
Snort® Rule(s)	3
Nessus® Exploit(s)	32

	Related
7.8	USN-1783-1
7.8	RHSA-2013:0690
7.8	RHSA-2013:0689
7.8	MDVSA-2013:059
7.8	MDVSA-2013:058
7.8	HPSBUX02876 SSR...
7.8	GLSA-201401-34
7.8	DSA-2656
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 8 more Alert(s)

7.8 - CVE-2013-2266

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

Information Assurance Vulnerability Management (IAVM)

Snort® IPS/IDS

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU