Published: 22/01/2010 Updated: 07/11/2023

CVSS v2 Base Score: 4 | Impact Score: 4.9 | Exploitability Score: 4.9

VMScore: 358

Vector: AV:N/AC:H/Au:N/C:N/I:P/A:P

Unspecified vulnerability in ISC BIND 9.0.x up to and including 9.3.x, 9.4 prior to 9.4.3-P5, 9.5 prior to 9.5.2-P2, 9.6 prior to 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote malicious users to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022.

Vulnerable Product	Search on Vulmon	Subscribe to Product
isc bind 9.10.0
isc bind 9.10.2
isc bind 9.6.1
isc bind 9.2.0
isc bind 9.1.1
isc bind 9.3.1
isc bind 9.4.3
isc bind 9.2.3
isc bind 9.1.3
isc bind 9.10.1
isc bind 9.4.0
isc bind 9.3.5
isc bind 9.7.0
isc bind 9.3.2
isc bind 9.10.3
isc bind 9.2.8
isc bind 9.2
isc bind 9.3.0
isc bind 9.2.4
isc bind 9.2.1
isc bind 9.0.0
isc bind 9.3
isc bind 9.3.4
isc bind 9.1.0
isc bind 9.2.7
isc bind 9.2.5
isc bind 9.3.6
isc bind 9.2.2
isc bind 9.4.1
isc bind 9.3.3
isc bind 9.6.0
isc bind 9.4
isc bind 9.1.2
isc bind 9.4.2
isc bind 9.1
isc bind 9.2.9
isc bind 9.0.1
isc bind 9.0
isc bind 9.2.6

Synopsis Moderate: bind security update Type/Severity Security Advisory: Moderate Topic Updated bind packages that fix two security issues are now available forRed Hat Enterprise Linux 5This update has been rated as having moderate security impact by the RedHat Security Response Team Description ...

It was discovered that Bind would incorrectly cache bogus NXDOMAIN responses When DNSSEC validation is in use, a remote attacker could exploit this to cause a denial of service, and possibly poison DNS caches (CVE-2010-0097) ...

Several cache-poisoning vulnerabilities have been discovered in BIND These vulnerabilities apply only if DNSSEC validation is enabled and trust anchors have been installed, which is not the default The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0097 BIND does not properly validate DNSSEC NSEC recor ...

NVD-CWE-noinfo http://www.mandriva.com/security/advisories?name=MDVSA-2010:021 http://marc.info/?l=oss-security&m=126393609503704&w=2 https://www.isc.org/advisories/CVE-2009-4022v6 https://bugzilla.redhat.com/show_bug.cgi?id=557121 https://bugzilla.redhat.com/show_bug.cgi?id=554851 http://www.vupen.com/english/advisories/2010/0176 https://rhn.redhat.com/errata/RHSA-2010-0062.html http://www.ubuntu.com/usn/USN-888-1 http://marc.info/?l=oss-security&m=126399602810086&w=2 http://secunia.com/advisories/38219 http://secunia.com/advisories/38240 http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html http://www.vupen.com/english/advisories/2010/0622 http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018 http://www.debian.org/security/2010/dsa-2054 http://secunia.com/advisories/40086 http://www.vupen.com/english/advisories/2010/1352 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8884 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7512 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6815 https://access.redhat.com/errata/RHSA-2010:0062 https://usn.ubuntu.com/888-1/https://nvd.nist.gov

CVE-2010-0290

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect