Computer Security

CVE-2010-0382
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



CVECVE-2010-0382
StatusCandidate
DescriptionISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819.  NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022.
SeverityHigh
CVSS score7,6
CVSS vector(AV:N/AC:H/Au:N/C:C/I:C/A:C)
PhaseAssigned (18.07.2011)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0382
ReferencesCONFIRM : http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018
 CONFIRM : https://www.isc.org/advisories/CVE-2009-4022v6
 DEBIAN : DSA-2054
 OVAL : oval:org.mitre.oval:def:11753
 OVAL : oval:org.mitre.oval:def:7086
 SECUNIA : 40086
 VUPEN : ADV-2010-0622
 VUPEN : ADV-2010-1352
SecurityVulns:bind DNS server cache poisoning
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server