Check Point Advisories

ISC BIND Regular Expression Handling Denial of Service (CVE-2013-2266)

Check Point Reference: CPAI-2013-1670
Date Published: 17 Apr 2013
Severity: High
Last Updated: 14 Feb 2016
Industry Reference:CVE-2013-2266
Protection Provided by:

Security Gateway
R80, R77, R75

Who is Vulnerable?
Vulnerability Description A denial of service vulnerability exists in ISC BIND. A successful attack can lead to excessive memory consumption of the BIND process, eventually leading to a denial-of-service condition. The vulnerability occurs when the server processes a overly complicated rule. A remote attacker could attack the server by getting the rule loaded to the server using proper DNS protocol.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

  1. In the IPS tab, click Protections and find the ISC BIND Regular Expression Handling Denial of Service protection using the Search tool and Edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  DNS Enforcement Violation.
Attack Information:  ISC BIND Regular Expression Handling Denial of Service

This website uses cookies to ensure you get the best experience. Got it, Thanks! MORE INFO