CVE-2009-4022
6.7 Medium
AI Score
Confidence
High
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
0.013 Low
EPSS
Percentile
85.6%
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed “at the same time as requesting DNSSEC records (DO),” aka Bug 20438.
References
ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt
aix.software.ibm.com/aix/efixes/security/bind9_advisory.asc
lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
lists.vmware.com/pipermail/security-announce/2010/000082.html
osvdb.org/60493
secunia.com/advisories/37426
secunia.com/advisories/37491
secunia.com/advisories/38219
secunia.com/advisories/38240
secunia.com/advisories/38794
secunia.com/advisories/38834
secunia.com/advisories/39334
secunia.com/advisories/40730
sunsolve.sun.com/search/document.do?assetkey=1-77-1021660.1-1
sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1
support.apple.com/kb/HT5002
wiki.rpath.com/wiki/Advisories:rPSA-2010-0018
www.ibm.com/support/docview.wss?uid=isg1IZ68597
www.ibm.com/support/docview.wss?uid=isg1IZ71667
www.ibm.com/support/docview.wss?uid=isg1IZ71774
www.kb.cert.org/vuls/id/418861
www.mandriva.com/security/advisories?name=MDVSA-2009:304
www.openwall.com/lists/oss-security/2009/11/24/1
www.openwall.com/lists/oss-security/2009/11/24/2
www.openwall.com/lists/oss-security/2009/11/24/8
www.redhat.com/support/errata/RHSA-2009-1620.html
www.securityfocus.com/bid/37118
www.ubuntu.com/usn/USN-888-1
www.vupen.com/english/advisories/2009/3335
www.vupen.com/english/advisories/2010/0176
www.vupen.com/english/advisories/2010/0528
www.vupen.com/english/advisories/2010/0622
bugzilla.redhat.com/show_bug.cgi?id=538744
exchange.xforce.ibmcloud.com/vulnerabilities/54416
h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488
issues.rpath.com/browse/RPL-3152
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10821
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11745
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7261
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7459
www.isc.org/advisories/CVE-2009-4022v6
www.isc.org/advisories/CVE2009-4022
www.redhat.com/archives/fedora-package-announce/2009-November/msg01172.html
www.redhat.com/archives/fedora-package-announce/2009-November/msg01188.html
Related
6.7 Medium
AI Score
Confidence
High
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
0.013 Low
EPSS
Percentile
85.6%