Published: 25/11/2009 Updated: 19/09/2017

CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9

VMScore: 233

Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Unspecified vulnerability in ISC BIND 9.0.x up to and including 9.3.x, 9.4 prior to 9.4.3-P4, 9.5 prior to 9.5.2-P1, 9.6 prior to 9.6.1-P2, and 9.7 beta prior to 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote malicious users to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.

Vulnerable Product	Search on Vulmon	Subscribe to Product
isc bind 9.7.0
isc bind 9.6.0
isc bind 9.5.1
isc bind 9.5.0
isc bind 9.4.3
isc bind 9.4.0
isc bind 9.3.5
isc bind 9.3.4
isc bind 9.3.1
isc bind 9.3.0
isc bind 9.2.7
isc bind 9.2.4
isc bind 9.2.3
isc bind 9.2.1
isc bind 9.2.0
isc bind 9.2
isc bind 9.1.1
isc bind 9.1.0
isc bind 9.1
isc bind 9.0.1
isc bind 9.0.0
isc bind 9.6.1
isc bind 9.5.2
isc bind 9.4.2
isc bind 9.4.1
isc bind 9.3.2
isc bind 9.2.5
isc bind 9.2.2
isc bind 9.1.2
isc bind 9.3.6
isc bind 9.3.3
isc bind 9.2.9
isc bind 9.2.8
isc bind 9.1.3
isc bind 9.3
isc bind 9.2.6
isc bind 9.0

Synopsis Moderate: bind security update Type/Severity Security Advisory: Moderate Topic Updated bind packages that fix two security issues are now available forRed Hat Enterprise Linux 5This update has been rated as having moderate security impact by the RedHat Security Response Team Description ...

It was discovered that Bind would incorrectly cache bogus NXDOMAIN responses When DNSSEC validation is in use, a remote attacker could exploit this to cause a denial of service, and possibly poison DNS caches (CVE-2010-0097) ...

Michael Sinatra discovered that Bind did not correctly validate certain records added to its cache When DNSSEC validation is in use, a remote attacker could exploit this to spoof DNS entries and poison DNS caches Among other things, this could lead to misdirected email and web traffic ...

Michael Sinatra discovered that the DNS resolver component in BIND does not properly check DNS records contained in additional sections of DNS responses, leading to a cache poisoning vulnerability This vulnerability is only present in resolvers which have been configured with DNSSEC trust anchors, which is still rare Note that this update contain ...

CVE-2009-4022

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect