Knowledge Base ISC Main Website Ask a Question/Contact ISC
CVE-2013-6230: FAQ and Supplemental Information
Author: Jeremy Reed Reference Number: AA-01063 Views: 1152 Created: 2013-10-16 14:02 Last Updated: 2013-11-06 20:13 0 Rating/ Voters

This page provides supplemental information for the CVE-2013-6230 Security Advisory (https://kb.isc.org/article/AA-01062).

Why aren't the Windows versions listed?

At this time, we don't know which Microsoft Windows operating system versions or service pack versions have this problem. We have verified the problem only on Windows 2008 server, but others have reported the problem on unknown Windows versions. We suggest Windows users upgrade to the patched version or use the workarounds.

How can I detect if my Windows has this issue?

The BIND source code includes bin/tests/inter_test.c which is not built by default. Building and running this interface iterator test will display the detected settings.  MIcrosoft also provides test code at /Softlib/MSLFILES/INTRFC.EXE from ftp.microsoft.com which programmatically retrieves IP Interface information. This is an extractable zip file containing the source code from Microsoft demonstrating the API. After it is built, the output of running this may be compared with ipconfig output. Check the netmask details to see if interfaces listed with ipconfig that show 255.255.255.255 are reported by the test tools to be 0.0.0.0.  We recommend upgrading to our patched version of BIND.

The patched version of BIND will report if it detects this, for example:

  omitting IPv4 interface TCP/IP Interface 3 from localnets ACL: zero prefix length detected

Where can I learn more about this Windows API?

The related Winsock API is documented at http://msdn.microsoft.com/en-us/library/windows/desktop/ms741621%28v=vs.85%29.aspx (WSAIoctl function with the SIO_GET_INTERFACE_LIST command) and http://msdn.microsoft.com/en-us/library/windows/desktop/ms738568%28v=vs.85%29.aspx (INTERFACE_INFO structure).

What about other operating system platforms?

We don't know about other operating systems that return the wrong netmask. We have tested on various Unix-like systems. Nevertheless, with the patch, the coded workaround for all platforms checks for the 0.0.0.0 netmask and will not add it to the localnets ACL.

© 2001-2014 Internet Systems Consortium

Feedback
  • Please help us to improve the content of our knowledge base by letting us know how we can improve this article or by submitting suggestions for other articles you'd like to see created. Information on how to obtain further help on our products or services can be found on our main website.' If you have a technical question or problem on which you'd like help, we recommend searching our community mailing list archives and/or posting your question there (you will need to register there first for your posts to be accepted). The bind-users and the dhcp-users lists particularly have a long-standing and active membership.
Info Submit Feedback on this Article
Nickname: Your Email: Subject: Comment:
Enter the code below:
Quick Jump Menu