How to fix DNS vulnerability CVE-2013-4854?

Refers to:

  • Plesk 11.0 for Windows

Created:

2016-11-16 13:19:45 UTC

Modified:

2016-12-21 20:28:15 UTC

0

Was this article helpful?


Have more questions?

Submit a request

How to fix DNS vulnerability CVE-2013-4854?

Symptoms

On July 26th a 0-day DNS vulnerability has been reported: CVE-2013-4854 .

Resolution

Fixed packages have been released by major Linux OS vendors:

RedHat released updated packages, RHEL5, RHEL6:

https://rhn.redhat.com/errata/RHSA-2013-1114.html ml

https://rhn.redhat.com/errata/RHSA-2013-1115.html

Fixed in security branch of Debian :

https://security-tracker.debian.org/tracker/CVE-2013-4854 .

Ubuntu released packages as well: http://www.ubuntu.com/usn/usn-1910-1/ .

So major Linux OS vendors responded with fixed packages.To fix the issue, please update bind packages using OS vendor repositories.

Bind supplied with Plesk 11.5, 11.0, 10.4 for Windows will be patched in the nearest update.

For Plesk for Windows , you can update Bind as below:

  1. Download Bind distributive from: http://www.isc.org/downloads/ .

  2. Extract content of proposed .zip archive to %plesk_dir%\\dns\\bin folder.

  3. Install vcredist_x86.exe which is included in Bind distributive. Just launch it and install on the server.

Have more questions? Submit a request
Please sign in to leave a comment.