CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
EPSS
Percentile
85.8%
A vulnerability exists in the way BIND 9 handles recursive client queries that may cause additional records to be added to its cache.
BIND 9 contains a vulnerability in the way recursive client queries are handled. According to ISC:
_A nameserver with DNSSEC validation enabled may incorrectly add unauthenticated records to its cache that are received during the resolution of a recursive client query with checking disabled (CD), or when the nameserver internally triggers a query for missing records for recursive name resolution. Cached records can be returned in response to subsequent client queries with or without requesting DNSSEC records (DO). In addition, some of them can be returned to queries with or without checking disabled (CD). _
This issue affects BIND versions 9.0.x, 9.1.x, 9.2.x, 9.3.x, 9.4.0 -> 9.4.3-P3, 9.5.0, 9.5.1, 9.5.2, 9.6.0, 9.6.1-P1.
An attacker may be able to manipulate cache data and perform DNS Cache Poisoning.
Upgrade
BIND should be upgraded to version 9.4.3-P5, 9.5.2-P2 or 9.6.1-P3.
Disable DNSSEC Validation
According to ISC:
Disabling DNSSEC validation will also prevent incorrect caching of additional records due to this defect. However, this removes DNSSEC validation protection and the ability of the nameserver to deliver authenticated data in query responses.
418861
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: December 02, 2009 Updated: December 02, 2009
Affected
We have not received a statement from the vendor.
Refer to <https://www.isc.org/node/504> for more information.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: December 02, 2009 Updated: December 02, 2009
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
View all 55 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
<https://www.isc.org/node/504>
ISC credits Michael Sinatra, UC Berkeley with finding this issue.
This document was written by Chris Taschner.
CVE IDs: | CVE-2009-4022 |
---|---|
Date Public: | 2009-11-19 Date First Published: |