Computer Security

bind DNS server cache poisoning
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



bind DNS server cache poisoning
updated since 01.12.2009
Published:17.03.2010
Source:BUGTRAQ
SecurityVulns ID:10431
Type:remote
Level:5/10
Description:It's possible to inject cache record during DNSSEC request processing.
Affected:BIND : bind 9.4
 BIND : bind 9.5
 BIND : bind 9.6
 BIND : bind 9.7
CVE:CVE-2010-0382 (ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022.)
 CVE-2010-0290
 CVE-2009-4022
Original documentdocumentRPATH, rPSA-2010-0018-1 bind bind-utils caching-nameserver (17.03.2010)
 documentMANDRIVA, [ MDVSA-2010:021 ] bind (21.01.2010)
 documentMANDRIVA, [ MDVSA-2009:304 ] bind (01.12.2009)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 


Rating@Mail.ru