CVE-2013-6230: FAQ and Supplemental Information
- Updated on 06 Nov 2013
This page provides supplemental information for the CVE-2013-6230 Security Advisory (https://kb.isc.org/article/AA-01062).
Why aren't the Windows versions listed?
At this time, we don't know which Microsoft Windows operating system versions or service pack versions have this problem. We have verified the problem only on Windows 2008 server, but others have reported the problem on unknown Windows versions. We suggest Windows users upgrade to the patched version or use the workarounds.
How can I detect if my Windows has this issue?
The BIND source code includes bin/tests/inter_test.c, which is not built by default. Building and running this interface iterator test will display the detected settings. Microsoft also provides test code at /Softlib/MSLFILES/INTRFC.EXE on ftp.microsoft.com that programmatically retrieves IP interface information. This is an extractable zip file containing source code from Microsoft that demonstrates the API. After it is built, its output may be compared with ipconfig output. Check the netmask details to see whether interfaces that ipconfig lists with 255.255.255.255 are reported by the test tools as 0.0.0.0. We recommend upgrading to our patched version of BIND.
The patched version of BIND will report if it detects this, for example:
omitting IPv4 interface TCP/IP Interface 3 from localnets ACL: zero prefix length detected
Where can I learn more about this Windows API?
The related Winsock API is documented at http://msdn.microsoft.com/en-us/library/windows/desktop/ms741621%28v=vs.85%29.aspx (WSAIoctl function with the SIO_GET_INTERFACE_LIST command) and http://msdn.microsoft.com/en-us/library/windows/desktop/ms738568%28v=vs.85%29.aspx (INTERFACE_INFO structure).
What about other operating system platforms?
We are not aware of other operating systems that return the wrong netmask. We have tested on various Unix-like systems. Nevertheless, the workaround coded in the patch applies to all platforms: it checks for the 0.0.0.0 netmask and will not add it to the localnets ACL.
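The following added example (not BIND source code and not part of the original advisory) shows why a netmask reported as 0.0.0.0 matters for an address-match list built from interface data, and what the zero-prefix check described above changes. The struct layouts, function names and sample addresses are assumptions constructed for illustration; only the log message text is taken from this page.

```c
#include <stdint.h>
#include <stdio.h>
#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))
#define OUTSIDER IP(203, 0, 113, 5)  /* constructed address on no local network */
/* Hypothetical stand-ins for an interface-iterator result and an ACL entry. */
struct iface { const char *name; uint32_t addr, netmask; };  /* host byte order */
struct acl_entry { uint32_t net; unsigned prefixlen; };
/* Constructed sample: interface 3 should be 255.255.255.255 but is reported as 0.0.0.0. */
static const struct iface SAMPLE[] = {
    { "TCP/IP Interface 1", IP(192, 0, 2, 10),   IP(255, 255, 255, 0) },
    { "TCP/IP Interface 3", IP(198, 51, 100, 7), IP(0, 0, 0, 0) },
};
static unsigned mask_to_prefixlen(uint32_t mask) {
    unsigned n = 0;
    while (mask & 0x80000000u) { n++; mask <<= 1; }  /* count leading one bits */
    return n;
}
static uint32_t prefix_to_mask(unsigned len) {
    return len == 0 ? 0 : 0xFFFFFFFFu << (32 - len);  /* avoid an undefined 32-bit shift */
}

/* Build a localnets-style ACL; with skip_zero set, zero-prefix interfaces are left out. */
size_t build_localnets(const struct iface *ifs, size_t n, int skip_zero, struct acl_entry *out) {
    size_t count = 0;
    for (size_t i = 0; i < n; i++) {
        unsigned len = mask_to_prefixlen(ifs[i].netmask);
        if (len == 0 && skip_zero) {
            fprintf(stderr, "omitting IPv4 interface %s from localnets ACL: zero prefix length detected\n", ifs[i].name);
            continue;
        }
        out[count++] = (struct acl_entry){ ifs[i].addr & prefix_to_mask(len), len };
    }
    return count;
}

/* Return 1 if client falls inside any ACL entry, 0 otherwise. */
int acl_matches(const struct acl_entry *acl, size_t n, uint32_t client) {
    for (size_t i = 0; i < n; i++)
        if ((client & prefix_to_mask(acl[i].prefixlen)) == acl[i].net) return 1;
    return 0;
}

int main(void) {
    struct acl_entry acl[2];
    for (int fix = 0; fix <= 1; fix++) {
        size_t n = build_localnets(SAMPLE, 2, fix, acl);
        printf("zero-prefix check=%d: outsider matches=%d\n", fix, acl_matches(acl, n, OUTSIDER));
    }
    return 0;
}
```

Without the check, the zero-length prefix becomes the entry 0.0.0.0/0, so every client address matches the list; with the check, the interface is omitted and only the correctly reported /24 remains.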
© 2001-2018 Internet Systems Consortium