-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Reference: CERT-EU Security Advisory 2013-0033

Title: Denial of Service on BIND nameservers [1]

Version history:
05.04.2013 Initial publication

Summary
=======
A critical defect in BIND 9 allows an attacker to cause excessive memory
consumption in named or other programs linked to libdns.

CVE Numbers:
CVE-2013-2266

CVSS v2 Base Score: 7.8 (HIGH) (AV:N/AC:L/Au:N/C:N/I:N/A:C) [3]

Vulnerable systems
==================
"Unix" versions of 9.7.x, 9.8.0 -> 9.8.5b1, 9.9.0 -> 9.9.3b1. (Windows
versions are not affected)

Original Details
================
A flaw in a library used by BIND 9.7, 9.8, and 9.9, when compiled on
Unix and related operating systems, allows an attacker to deliberately
cause excessive memory consumption by the named process, potentially
resulting in exhaustion of memory resources on the affected server.
This condition can crash BIND 9 and will likely severely affect
operation of other programs running on the same machine.

What can you do?
================
Compile BIND 9 without regular expression support as described in the
"Workarounds" section of this advisory or upgrade to the patched release
most closely related to your current version of BIND. These can be
downloaded from [2].

BIND 9 version 9.8.4-P2
BIND 9 version 9.9.2-P2
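
An added example (not part of the CERT-EU advisory): a Python check that
decides whether a BIND 9 version string falls in the affected ranges listed
above, treating 9.8.4-P2 and 9.9.2-P2 as fixed even though they sort below
9.8.5b1 and 9.9.3b1. The ordering a < b < rc < final < -P and all function
names are assumptions; the version string alone cannot show a build without
regular expression support, a Windows build, or a distribution backport.

```python
import re

# Assumed ordering of tags within one x.y.z: a < b < rc < final < -P
_TAG_RANK = {"a": 0, "b": 1, "rc": 2, "": 3, "P": 4}
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-?(a|b|rc|P)(\d+))?")


def parse_version(text):
    """Return a sortable tuple for a BIND 9 version string, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    tag = m.group(4) or ""
    return (major, minor, patch, _TAG_RANK[tag], int(m.group(5) or 0))


# Affected branches from the advisory: last listed release, inclusive.
AFFECTED = {
    (9, 7): None,                       # every 9.7.x is listed
    (9, 8): parse_version("9.8.5b1"),   # 9.8.0 -> 9.8.5b1
    (9, 9): parse_version("9.9.3b1"),   # 9.9.0 -> 9.9.3b1
}
# Patched releases named in the advisory.
PATCHED = [parse_version("9.8.4-P2"), parse_version("9.9.2-P2")]


def in_advisory_range(version_text):
    """True if the version is listed as affected and is not a patched release."""
    v = parse_version(version_text)
    if v is None:
        raise ValueError("no BIND version found in %r" % version_text)
    if v[:2] not in AFFECTED:
        return False                    # branch not listed in the advisory
    upper = AFFECTED[v[:2]]
    if upper is not None and v > upper:
        return False                    # later than the last listed release
    # A -P release of the same x.y.z at or above the patched level is fixed.
    return not any(v[:3] == p[:3] and v >= p for p in PATCHED)


if __name__ == "__main__":
    # Constructed sample strings in the style of `named -v` output.
    for sample in ("BIND 9.8.4-P1", "BIND 9.8.4-P2", "BIND 9.9.3b1", "BIND 9.7.7"):
        print(sample, "->", "affected" if in_advisory_range(sample) else "not listed")
```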

What to tell your users?
========================
N/A

More information
================
[1] https://kb.isc.org/article/AA-00871
[2] http://www.isc.org/downloads/all
[3] http://cve.mitre.org/



Best regards,

CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement:
http://cert.europa.eu/cert/plainedition/en/cert_privacy.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----