Computer Security
[EN] securityvulns.ru



CVE: CVE-2009-4022
Status: Candidate
Description: Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
Severity: Low
CVSS score: 2,6
CVSS vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Phase: Assigned (27.10.2011)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4022
References:
 AIXAPAR : IZ68597
 AIXAPAR : IZ71667
 AIXAPAR : IZ71774
 BID : 37118
 CERT-VN : VU#418861
 CONFIRM : ftp://ftp.sco.com/pub/unixware7/714/security/p5352...
 CONFIRM : http://aix.software.ibm.com/aix/efixes/security/bi...
 CONFIRM : http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018
 CONFIRM : https://bugzilla.redhat.com/show_bug.cgi?id=538744
 CONFIRM : https://issues.rpath.com/browse/RPL-3152
 CONFIRM : https://www.isc.org/advisories/CVE-2009-4022v6
 CONFIRM : https://www.isc.org/advisories/CVE2009-4022
 FEDORA : FEDORA-2009-12218
 FEDORA : FEDORA-2009-12233
 MANDRIVA : MDVSA-2009:304
 MLIST : [oss-security] 20091124 a new bind issue
 MLIST : [oss-security] 20091124 CVE request: BIND 9 bug involving DNSSEC and the additional section
 MLIST : [oss-security] 20091124 Re: a new bind issue
 MLIST : [security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates
 OSVDB : 60493
 OVAL : oval:org.mitre.oval:def:10821
 OVAL : oval:org.mitre.oval:def:7459
 REDHAT : RHSA-2009:1620
 SECUNIA : 37426
 SECUNIA : 37491
 SECUNIA : 38219
 SECUNIA : 38240
 SECUNIA : 38794
 SECUNIA : 38834
 SECUNIA : 39334
 SECUNIA : 40730
 SUNALERT : 1021660
 SUNALERT : 1021798
 UBUNTU : USN-888-1
 VUPEN : ADV-2009-3335
 VUPEN : ADV-2010-0176
 VUPEN : ADV-2010-0528
 VUPEN : ADV-2010-0622
 XF : bind-dnssec-cache-poisoning(54416)
SecurityVulns: bind DNS server cache poisoning
 Apple OS X multiple security vulnerabilities

© SecurityVulns, 3APA3A, Vladimir Dubrovin