The Winsock WSAIoctl API in Microsoft Windows Server 2008, as used in ISC BIND 9.6-ESV before 9.6-ESV-R10-P1, 9.8 before 9.8.6-P1, 9.9 before 9.9.4-P1, 9.9.3-S1, 9.9.4-S1, and other products, does not properly support the SIO_GET_INTERFACE_LIST command for netmask 255.255.255.255, which allows remote attackers to bypass intended IP address restrictions by leveraging misinterpretation of this netmask as a 0.0.0.0 netmask.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Isc
  • Bind

Configuration 1 [-]

OR cpe:2.3:a:isc:bind:9.6:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.6:r5_p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.6:r6_b1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.6:r6_rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.6:r6_rc2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.6:r7_p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.6:r7_p2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.6:r9_p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.0:a1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.0:b1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.0:p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.0:p2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.0:p4:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.0:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.1:b1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.1:b2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.1:b3:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.1:p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.1:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.2:b1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.2:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.2:rc2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.3:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.3:p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.3:p2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.4:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.5:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.5:b1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.5:b2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.5:p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.5:p2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.5:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.5:rc2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.6:b1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.0:a1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.0:a2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.0:a3:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.0:b1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.0:b2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.0:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.0:rc2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.0:rc3:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.0:rc4:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.1:p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.1:p2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.3:b1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.3:b2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.3:p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.3:p2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.3:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.3:rc2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.4:b1:*:*:*:*:*:*

No data.

References
Link Providers
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.518391 cve-icon cve-icon
https://kb.isc.org/article/AA-01062 cve-icon cve-icon cve-icon
https://kb.isc.org/article/AA-01063 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2013-6230 cve-icon
https://www.cve.org/CVERecord?id=CVE-2013-6230 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2013-11-08T02:00:00

Updated: 2024-08-06T17:38:58.810Z

Reserved: 2013-10-21T00:00:00

Link: CVE-2013-6230

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2013-11-08T04:47:23.087

Modified: 2024-11-21T01:58:53.317

Link: CVE-2013-6230

cve-icon Redhat

Severity : Moderate

Publid Date: 2013-11-06T00:00:00Z

Links: CVE-2013-6230 - Bugzilla