4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.013 Low
EPSS
Percentile
85.3%
A vulnerability exists in the BIND 9 DNSSEC validation code that could be used by an attacker to generate fake NXDOMAIN responses.
BIND 9 contains a vulnerability in DNSSEC validation code. According to ISC:
_There was an error in the DNSSEC NSEC/NSEC3 validation code that could cause bogus NXDOMAIN responses (that is, NXDOMAIN responses for records proven by NSEC or NSEC3 to exist) to be cached as if they had validated correctly, so that future queries to the resolver would return the bogus NXDOMAIN with the AD flag set. _
This issue affects BIND versions 9.0.x, 9.1.x, 9.2.x, 9.3.x, 9.4.0 -> 9.4.3-P4, 9.5.0 -> 9.5.2-P1, 9.6.0 -> 9.6.1-P2
An attacker may be able to add fake NXDOMAIN records to a resolver’s cache.
Upgrade BIND to version 9.4.3-P5, 9.5.2-P2 or 9.6.1-P3.
360341
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: January 15, 2010 Updated: January 27, 2010
Affected
We have not received a statement from the vendor.
Fedora has published more information regarding this issue:
<http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034196.html>
Notified: January 15, 2010 Updated: January 19, 2010
Affected
We have not received a statement from the vendor.
Please see <https://www.isc.org/advisories/CVE-2010-0097> for more information regarding the vulnerability.
Notified: January 15, 2010 Updated: January 27, 2010
Affected
We have not received a statement from the vendor.
Red Hat has published more information regarding this issue:
<http://rhn.redhat.com/errata/RHSA-2010-0062.html>
Notified: January 15, 2010 Updated: January 27, 2010
Statement Date: January 21, 2010
Affected
We have not received a statement from the vendor.
Please see the following document for more information:
<http://sunsolve.sun.com/search/document.do?assetkey=1-66-275890-1>
Notified: January 15, 2010 Updated: January 27, 2010
Statement Date: January 18, 2010
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 27, 2010
Affected
We have not received a statement from the vendor.
Ubuntu has published more information regarding this issue:
<http://www.ubuntu.com/usn/USN-888-1>
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 15, 2010 Updated: January 14, 2010
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
View all 53 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
<https://www.isc.org/advisories/CVE-2010-0097>
This issue was reported by ISC.
This document was written by David Warren.
CVE IDs: | CVE-2010-0097 |
---|---|
Date Public: | 2010-01-19 Date First Published: |