CVE-2013-6230
Last modified
CVE-2013-6230 is a vulnerability of currently unknown severity. The Winsock WSAIoctl API in Microsoft Windows Server 2008, as used in ISC BIND 9.6-ESV before 9.6-ESV-R10-P1, 9.8 before 9.8.6-P1, 9.9 before 9.9.4-P1, 9.9.3-S1, 9.9.4-S1, and other products, does not properly support the SIO_GET_INTERFACE_LIST command for netmask 255.255.255.255, which allows remote attackers to bypass intended IP address restrictions by leveraging misinterpretation of this netmask as a 0.0.0.0 netmask.. EPSS estimates a 5.71% chance of exploitation in the next 30 days.
Description
The Winsock WSAIoctl API in Microsoft Windows Server 2008, as used in ISC BIND 9.6-ESV before 9.6-ESV-R10-P1, 9.8 before 9.8.6-P1, 9.9 before 9.9.4-P1, 9.9.3-S1, 9.9.4-S1, and other products, does not properly support the SIO_GET_INTERFACE_LIST command for netmask 255.255.255.255, which allows remote attackers to bypass intended IP address restrictions by leveraging misinterpretation of this netmask as a 0.0.0.0 netmask.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Isc | Bind | 9.6 | — |
| Isc | Bind | 9.8.0 | — |
| Isc | Bind | 9.8.1 | — |
| Isc | Bind | 9.8.2 | B1 |
| Isc | Bind | 9.8.3 | — |
| Isc | Bind | 9.8.4 | — |
| Isc | Bind | 9.8.5 | — |
| Isc | Bind | 9.8.6 | B1 |
| Isc | Bind | 9.9.0 | — |
| Isc | Bind | 9.9.1 | — |
| Isc | Bind | 9.9.2 | — |
| Isc | Bind | 9.9.3 | — |
| Isc | Bind | 9.9.4 | B1 |
References
- https://kb.isc.org/article/AA-01062Vendor Advisory
- https://kb.isc.org/article/AA-01063Vendor Advisory
- https://kb.isc.org/article/AA-01062Vendor Advisory
- https://kb.isc.org/article/AA-01063Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2013-6230?
How severe is CVE-2013-6230?
How do I fix CVE-2013-6230?
Are you affected by CVE-2013-6230?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST