Computer Security

CVE-2010-0290
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



CVECVE-2010-0290
StatusCandidate
DescriptionUnspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022.
SeverityMedium
CVSS score4
CVSS vector(AV:N/AC:H/Au:N/C:N/I:P/A:P)
PhaseAssigned (18.07.2011)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0290
ReferencesCONFIRM : http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018
 CONFIRM : https://bugzilla.redhat.com/show_bug.cgi?id=554851
 CONFIRM : https://bugzilla.redhat.com/show_bug.cgi?id=557121
 CONFIRM : https://www.isc.org/advisories/CVE-2009-4022v6
 DEBIAN : DSA-2054
 MANDRIVA : MDVSA-2010:021
 MLIST : [oss-security] 20100119 BIND CVE-2009-4022 fix incomplete
 MLIST : [oss-security] 20100120 Re: BIND CVE-2009-4022 fix incomplete
 OVAL : oval:org.mitre.oval:def:7512
 OVAL : oval:org.mitre.oval:def:8884
 REDHAT : RHSA-2010:0062
 SECUNIA : 38219
 SECUNIA : 38240
 SECUNIA : 40086
 SUSE : SUSE-SA:2010:008
 UBUNTU : USN-888-1
 VUPEN : ADV-2010-0176
 VUPEN : ADV-2010-0622
 VUPEN : ADV-2010-1352
SecurityVulns:bind DNS server cache poisoning
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server