CVE-2013-6230
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
08/11/2013
Last modified:
11/04/2025
Description
The Winsock WSAIoctl API in Microsoft Windows Server 2008, as used in ISC BIND 9.6-ESV before 9.6-ESV-R10-P1, 9.8 before 9.8.6-P1, 9.9 before 9.9.4-P1, 9.9.3-S1, 9.9.4-S1, and other products, does not properly support the SIO_GET_INTERFACE_LIST command for netmask 255.255.255.255, which allows remote attackers to bypass intended IP address restrictions by leveraging misinterpretation of this netmask as a 0.0.0.0 netmask.
Impact
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:isc:bind:9.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:isc:bind:9.6:r5_p1:*:*:*:*:*:* | ||
| cpe:2.3:a:isc:bind:9.6:r6_b1:*:*:*:*:*:* | ||
| cpe:2.3:a:isc:bind:9.6:r6_rc1:*:*:*:*:*:* | ||
| cpe:2.3:a:isc:bind:9.6:r6_rc2:*:*:*:*:*:* | ||
| cpe:2.3:a:isc:bind:9.6:r7_p1:*:*:*:*:*:* | ||
| cpe:2.3:a:isc:bind:9.6:r7_p2:*:*:*:*:*:* | ||
| cpe:2.3:a:isc:bind:9.6:r9_p1:*:*:*:*:*:* | ||
| cpe:2.3:a:isc:bind:9.8.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:isc:bind:9.8.0:a1:*:*:*:*:*:* | ||
| cpe:2.3:a:isc:bind:9.8.0:b1:*:*:*:*:*:* | ||
| cpe:2.3:a:isc:bind:9.8.0:p1:*:*:*:*:*:* | ||
| cpe:2.3:a:isc:bind:9.8.0:p2:*:*:*:*:*:* | ||
| cpe:2.3:a:isc:bind:9.8.0:p4:*:*:*:*:*:* | ||
| cpe:2.3:a:isc:bind:9.8.0:rc1:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.518391
- https://kb.isc.org/article/AA-01062
- https://kb.isc.org/article/AA-01063
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.518391
- https://kb.isc.org/article/AA-01062
- https://kb.isc.org/article/AA-01063