CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
75.3%
According to its self-reported version number, the remote installation of BIND on Windows contains an ACL security bypass vulnerability because the Winsock API does not properly support the ‘SIO_GET_INTERFACE_LIST’ command for the netmask 255.255.255.255. The netmask 255.255.255.255 will be translated to 0.0.0.0, which will match any IP address. This leads to IP address restrictions being bypassed.
Note that Nessus has only relied on the version itself and has not attempted to determine whether or not the install is actually affected.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(70889);
script_version("1.9");
script_cvs_date("Date: 2019/11/27");
script_cve_id("CVE-2013-6230");
script_bugtraq_id(63610);
script_name(english:"ISC BIND 9 localnets ACL Security Bypass");
script_summary(english:"Checks version of BIND");
script_set_attribute(attribute:"synopsis", value:
"The remote name server is prone to a security bypass vulnerability.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the remote installation
of BIND on Windows contains an ACL security bypass vulnerability because
the Winsock API does not properly support the 'SIO_GET_INTERFACE_LIST'
command for the netmask 255.255.255.255. The netmask 255.255.255.255
will be translated to 0.0.0.0, which will match any IP address. This
leads to IP address restrictions being bypassed.
Note that Nessus has only relied on the version itself and has not
attempted to determine whether or not the install is actually
affected.");
script_set_attribute(attribute:"see_also", value:"https://kb.isc.org/docs/aa-01062");
# https://kb.isc.org/article/AA-01063/0/CVE-2013-6230%3A-FAQ-and-Supplemental-Information.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b819444d");
script_set_attribute(attribute:"see_also", value:"https://kb.isc.org/article/AA-01067");
script_set_attribute(attribute:"see_also", value:"https://kb.isc.org/article/AA-01068");
script_set_attribute(attribute:"see_also", value:"https://kb.isc.org/article/AA-01069/");
script_set_attribute(attribute:"see_also", value:"http://ftp.isc.org/isc/bind9/9.6-ESV-R10-P1/CHANGES");
# http://ftp.isc.org/isc/bind9/9.6-ESV-R11/RELEASE-NOTES-BIND-9.6-ESV-R11
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fb52a286");
script_set_attribute(attribute:"see_also", value:"http://ftp.isc.org/isc/bind9/9.8.6-P1/CHANGES");
# http://ftp.isc.org/isc/bind9/9.8.7/RELEASE-NOTES-BIND-9.8.7
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d2ca0d76");
script_set_attribute(attribute:"see_also", value:"http://ftp.isc.org/isc/bind9/9.9.4-P1/CHANGES");
# http://ftp.isc.org/isc/bind9/9.9.5/RELEASE-NOTES-BIND-9.9.5
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1c70dc0f");
script_set_attribute(attribute:"solution", value:
"Upgrade to BIND version 9.9.5 / 9.9.4-P1 / 9.8.7 / 9.8.6-P1 / 9.6-ESV-R11 / 9.6-ESV-R10-P1
or later or refer to the vendor for a workaround.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-6230");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/06");
script_set_attribute(attribute:"patch_publication_date", value:"2013/11/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/11/13");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:isc:bind");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"DNS");
script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("bind_version.nasl", "os_fingerprint.nasl");
script_require_keys("bind/version", "Settings/ParanoidReport");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
ver = get_kb_item_or_exit("bind/version");
if (report_paranoia < 2) audit(AUDIT_PARANOID);
os = get_kb_item("Host/OS");
if (!os || "Windows" >!< os) audit(AUDIT_OS_NOT, "Windows");
# Check whether BIND is vulnerable, and recommend an upgrade.
# Vuln BIND 9.6.0-9.6-ESV-R10-P1, 9.7.0-9.7.7, 9.8.0-9.8.6-P1, 9.9.0-9.9.4-P1
fix = NULL;
if (ver =~ "^9\.6(\.|(-ESV($|-R([0-9]($|[^0-9])|10(b[1]$|rc[12]$)))))")
fix = '9.6-ESV-R11 / 9.6-ESV-R10-P1';
else if (ver =~ "^9\.7($|[^0-9])")
# Vuln 9.7.0-9.7.7 (there is no 9.7.x fix; recommend higher upgrade)
fix = '9.8.6-P1';
else if (
# Vuln 9.8.0-9.8.6-P1
ver =~ "^9\.8\.[0-5]($|[^0-9])" ||
ver =~ "^9\.8\.6(b[1-2]|rc[1-2])?$"
)
fix = '9.8.7 / 9.8.6-P1';
else if (
# Vuln 9.9.0-9.9.4-P1
ver =~ "^9\.9\.[0-3]($|[^0-9])" ||
ver =~ "^9\.9\.4(b[1-2]|rc[1-2])?$"
)
fix = '9.9.5 / 9.9.4-P1';
else if (
# Subscription from DNSco
# 9.9.3-S1
(ver == "9.9.3-S1" || ver == "9.9.4-S1")
)
fix = "9.9.4-S1-P1";
else
audit(AUDIT_LISTEN_NOT_VULN, "BIND", 53, ver, "UDP");
if (report_verbosity > 0)
{
report =
'\n Installed version : ' + ver +
'\n Fixed version : ' + fix +
'\n';
security_warning(port:53, proto:"udp", extra:report);
}
else security_warning(port:53, proto:"udp");
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6230
ftp.isc.org/isc/bind9/9.6-ESV-R10-P1/CHANGES
ftp.isc.org/isc/bind9/9.8.6-P1/CHANGES
ftp.isc.org/isc/bind9/9.9.4-P1/CHANGES
www.nessus.org/u?1c70dc0f
www.nessus.org/u?b819444d
www.nessus.org/u?d2ca0d76
www.nessus.org/u?fb52a286
kb.isc.org/article/AA-01067
kb.isc.org/article/AA-01068
kb.isc.org/article/AA-01069/
kb.isc.org/docs/aa-01062