ID CVE-2010-0382 Type cve Reporter NVD Modified 2017-09-18T21:30:22
Description
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022.
{"result": {"f5": [{"id": "SOL15787", "type": "f5", "title": "SOL15787 - BIND vulnerability CVE-2010-0382", "description": "Recommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. \n\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL9502: BIG-IP hotfix matrix\n", "published": "2014-11-03T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://support.f5.com/kb/en-us/solutions/public/15000/700/sol15787.html", "cvelist": ["CVE-2010-0382"], "lastseen": "2016-09-26T17:23:07"}], "nessus": [{"id": "F5_BIGIP_SOL15787.NASL", "type": "nessus", "title": "F5 Networks BIG-IP : BIND vulnerability (SOL15787)", "description": "ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022.", "published": "2014-11-04T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=78835", "cvelist": ["CVE-2010-0382", "CVE-2009-4022"], "lastseen": "2017-10-29T13:42:42"}, {"id": "BIND9_DNSSEC_CACHE_POISONING.NASL", "type": "nessus", "title": "ISC BIND 9 DNSSEC Cache Poisoning", "description": "According to its version number, the remote installation of BIND suffers from a cache poisoning vulnerability. This issue affects all versions prior to 9.4.3-P5, 9.5.2-P2 or 9.6.1-P3.\n\nNote that only nameservers that allow recursive queries and validate DNSSEC records are affected. Nessus has not attempted to verify if this configuration applies to the remote service, though, so this could be a false positive.", "published": "2009-12-02T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=42983", "cvelist": ["CVE-2010-0382", "CVE-2009-4022"], "lastseen": "2017-10-29T13:33:08"}, {"id": "DEBIAN_DSA-2054.NASL", "type": "nessus", "title": "Debian DSA-2054-1 : bind9 - DNS cache poisoning", "description": "Several cache-poisoning vulnerabilities have been discovered in BIND.\nThese vulnerabilities apply only if DNSSEC validation is enabled and trust anchors have been installed, which is not the default.\n\nThe Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2010-0097 BIND does not properly validate DNSSEC NSEC records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.\n\n - CVE-2010-0290 When processing crafted responses containing CNAME or DNAME records, BIND is subject to a DNS cache poisoning vulnerability, provided that DNSSEC validation is enabled and trust anchors have been installed.\n\n - CVE-2010-0382 When processing certain responses containing out-of-bailiwick data, BIND is subject to a DNS cache poisoning vulnerability, provided that DNSSEC validation is enabled and trust anchors have been installed.\n\nIn addition, this update introduce a more conservative query behavior in the presence of repeated DNSSEC validation failures, addressing the 'roll over and die' phenomenon. The new version also supports the cryptographic algorithm used by the upcoming signed ICANN DNS root (RSASHA256 from RFC 5702), and the NSEC3 secure denial of existence algorithm used by some signed top-level domains.\n\nThis update is based on a new upstream version of BIND 9, 9.6-ESV-R1.\nBecause of the scope of changes, extra care is recommended when installing the update. Due to ABI changes, new Debian packages are included, and the update has to be installed using 'apt-get dist-upgrade' (or an equivalent aptitude command).", "published": "2010-06-08T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=46829", "cvelist": ["CVE-2010-0382", "CVE-2010-0290", "CVE-2010-0097"], "lastseen": "2017-10-29T13:39:03"}, {"id": "REDHAT-RHSA-2010-0062.NASL", "type": "nessus", "title": "RHEL 5 : bind (RHSA-2010:0062)", "description": "Updated bind packages that fix two security issues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nA flaw was found in the BIND DNSSEC NSEC/NSEC3 validation code. If BIND was running as a DNSSEC-validating resolver, it could incorrectly cache NXDOMAIN responses, as if they were valid, for records proven by NSEC or NSEC3 to exist. A remote attacker could use this flaw to cause a BIND server to return the bogus, cached NXDOMAIN responses for valid records and prevent users from retrieving those records (denial of service). (CVE-2010-0097)\n\nThe original fix for CVE-2009-4022 was found to be incomplete. BIND was incorrectly caching certain responses without performing proper DNSSEC validation. CNAME and DNAME records could be cached, without proper DNSSEC validation, when received from processing recursive client queries that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries.\n(CVE-2010-0290)\n\nAll BIND users are advised to upgrade to these updated packages, which contain a backported patch to resolve these issues. After installing the update, the BIND daemon (named) will be restarted automatically.", "published": "2010-01-21T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=44105", "cvelist": ["CVE-2010-0382", "CVE-2010-0290", "CVE-2010-0097"], "lastseen": "2017-10-29T13:36:42"}, {"id": "ORACLELINUX_ELSA-2010-0062.NASL", "type": "nessus", "title": "Oracle Linux 5 : bind (ELSA-2010-0062)", "description": "From Red Hat Security Advisory 2010:0062 :\n\nUpdated bind packages that fix two security issues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nA flaw was found in the BIND DNSSEC NSEC/NSEC3 validation code. If BIND was running as a DNSSEC-validating resolver, it could incorrectly cache NXDOMAIN responses, as if they were valid, for records proven by NSEC or NSEC3 to exist. A remote attacker could use this flaw to cause a BIND server to return the bogus, cached NXDOMAIN responses for valid records and prevent users from retrieving those records (denial of service). (CVE-2010-0097)\n\nThe original fix for CVE-2009-4022 was found to be incomplete. BIND was incorrectly caching certain responses without performing proper DNSSEC validation. CNAME and DNAME records could be cached, without proper DNSSEC validation, when received from processing recursive client queries that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries.\n(CVE-2010-0290)\n\nAll BIND users are advised to upgrade to these updated packages, which contain a backported patch to resolve these issues. After installing the update, the BIND daemon (named) will be restarted automatically.", "published": "2013-07-12T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=67991", "cvelist": ["CVE-2010-0382", "CVE-2010-0290", "CVE-2010-0097"], "lastseen": "2017-10-29T13:37:02"}, {"id": "CENTOS_RHSA-2010-0062.NASL", "type": "nessus", "title": "CentOS 5 : bind (CESA-2010:0062)", "description": "Updated bind packages that fix two security issues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nA flaw was found in the BIND DNSSEC NSEC/NSEC3 validation code. If BIND was running as a DNSSEC-validating resolver, it could incorrectly cache NXDOMAIN responses, as if they were valid, for records proven by NSEC or NSEC3 to exist. A remote attacker could use this flaw to cause a BIND server to return the bogus, cached NXDOMAIN responses for valid records and prevent users from retrieving those records (denial of service). (CVE-2010-0097)\n\nThe original fix for CVE-2009-4022 was found to be incomplete. BIND was incorrectly caching certain responses without performing proper DNSSEC validation. CNAME and DNAME records could be cached, without proper DNSSEC validation, when received from processing recursive client queries that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries.\n(CVE-2010-0290)\n\nAll BIND users are advised to upgrade to these updated packages, which contain a backported patch to resolve these issues. After installing the update, the BIND daemon (named) will be restarted automatically.", "published": "2010-01-21T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=44099", "cvelist": ["CVE-2010-0382", "CVE-2010-0290", "CVE-2010-0097"], "lastseen": "2017-10-29T13:39:51"}, {"id": "GENTOO_GLSA-201006-11.NASL", "type": "nessus", "title": "GLSA-201006-11 : BIND: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-201006-11 (BIND: Multiple vulnerabilities)\n\n Multiple cache poisoning vulnerabilities were discovered in BIND. For further information please consult the CVE entries and the ISC Security Bulletin referenced below.\n Note: CVE-2010-0290 and CVE-2010-0382 exist because of an incomplete fix and a regression for CVE-2009-4022.\n Impact :\n\n An attacker could exploit this weakness to poison the cache of a recursive resolver and thus spoof DNS traffic, which could e.g. lead to the redirection of web or mail traffic to malicious sites.\n Workaround :\n\n There is no known workaround at this time.", "published": "2010-06-02T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=46778", "cvelist": ["CVE-2010-0382", "CVE-2010-0290", "CVE-2010-0097", "CVE-2009-4022"], "lastseen": "2017-10-29T13:43:36"}, {"id": "AIX_IV11743.NASL", "type": "nessus", "title": "AIX 6.1 TL 6 : bind9 (IV11743)", "description": "An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure.\n\nFurthermore, AIX BIND 9.4.1 is affected by the following three security vulnerabilities: CVE-2010-0382 - ISC BIND Out-Of-Bailwick Data Handling Error CVE-2010-0097 - ISC BIND Improper DNSSEC NSEC and NSEC3 Record CVE-2009-0025 - BIND OpenSSL DSA_do_verify and EVP_VerifyFinal.", "published": "2013-01-24T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=63706", "cvelist": ["CVE-2010-0382", "CVE-2010-0097", "CVE-2009-0025", "CVE-2011-4313"], "lastseen": "2017-10-29T13:33:33"}, {"id": "AIX_IV09978.NASL", "type": "nessus", "title": "AIX 6.1 TL 7 : bind9 (IV09978)", "description": "An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure.\n\nFurthermore, AIX BIND 9.4.1 is affected by the following three security vulnerabilities: CVE-2010-0382 - ISC BIND Out-Of-Bailwick Data Handling Error CVE-2010-0097 - ISC BIND Improper DNSSEC NSEC and NSEC3 Record CVE-2009-0025 - BIND OpenSSL DSA_do_verify and EVP_VerifyFinal.", "published": "2013-01-24T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=63700", "cvelist": ["CVE-2010-0382", "CVE-2010-0097", "CVE-2009-0025", "CVE-2011-4313"], "lastseen": "2017-10-29T13:41:49"}, {"id": "AIX_IV11742.NASL", "type": "nessus", "title": "AIX 6.1 TL 5 : bind9 (IV11742)", "description": "An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure.\n\nFurthermore, AIX BIND 9.4.1 is affected by the following three security vulnerabilities: CVE-2010-0382 - ISC BIND Out-Of-Bailwick Data Handling Error CVE-2010-0097 - ISC BIND Improper DNSSEC NSEC and NSEC3 Record CVE-2009-0025 - BIND OpenSSL DSA_do_verify and EVP_VerifyFinal.", "published": "2013-01-24T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=63705", "cvelist": ["CVE-2010-0382", "CVE-2010-0097", "CVE-2009-0025", "CVE-2011-4313"], "lastseen": "2017-10-29T13:43:27"}], "openvas": [{"id": "OPENVAS:136141256231067632", "type": "openvas", "title": "Debian Security Advisory DSA 2054-2 (bind9)", "description": "The remote host is missing an update to bind9\nannounced via advisory DSA 2054-2.", "published": "2010-07-06T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067632", "cvelist": ["CVE-2010-0382", "CVE-2010-0290", "CVE-2010-0097"], "lastseen": "2018-01-06T13:05:00"}, {"id": "OPENVAS:835240", "type": "openvas", "title": "HP-UX Update for BIND HPSBUX02546", "description": "Check for the Version of BIND", "published": "2010-10-01T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=835240", "cvelist": ["CVE-2010-0382", "CVE-2010-0290", "CVE-2009-4022"], "lastseen": "2017-12-14T11:48:51"}, {"id": "OPENVAS:1361412562310835240", "type": "openvas", "title": "HP-UX Update for BIND HPSBUX02546", "description": "Check for the Version of BIND", "published": "2010-10-01T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835240", "cvelist": ["CVE-2010-0382", "CVE-2010-0290", "CVE-2009-4022"], "lastseen": "2018-01-02T10:54:40"}, {"id": "OPENVAS:136141256231067539", "type": "openvas", "title": "Debian Security Advisory DSA 2054-1 (bind9)", "description": "The remote host is missing an update to bind9\nannounced via advisory DSA 2054-1.", "published": "2010-06-10T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067539", "cvelist": ["CVE-2010-0382", "CVE-2010-0290", "CVE-2010-0097"], "lastseen": "2018-01-11T11:04:40"}, {"id": "OPENVAS:67632", "type": "openvas", "title": "Debian Security Advisory DSA 2054-2 (bind9)", "description": "The remote host is missing an update to bind9\nannounced via advisory DSA 2054-2.", "published": "2010-07-06T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=67632", "cvelist": ["CVE-2010-0382", "CVE-2010-0290", "CVE-2010-0097"], "lastseen": "2017-07-24T12:49:15"}, {"id": "OPENVAS:1361412562310100458", "type": "openvas", "title": "ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability", "description": "ISC BIND 9 is prone to a remote cache-poisoning vulnerability.", "published": "2010-01-20T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310100458", "cvelist": ["CVE-2010-0382", "CVE-2010-0290", "CVE-2010-0097"], "lastseen": "2017-07-02T21:09:53"}, {"id": "OPENVAS:67539", "type": "openvas", "title": "Debian Security Advisory DSA 2054-1 (bind9)", "description": "The remote host is missing an update to bind9\nannounced via advisory DSA 2054-1.", "published": "2010-06-10T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=67539", "cvelist": ["CVE-2010-0382", "CVE-2010-0290", "CVE-2010-0097"], "lastseen": "2017-07-24T12:49:24"}, {"id": "OPENVAS:136141256231069014", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201006-11 (BIND)", "description": "The remote host is missing updates announced in\nadvisory GLSA 201006-11.", "published": "2011-03-09T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231069014", "cvelist": ["CVE-2010-0382", "CVE-2010-0290", "CVE-2010-0097", "CVE-2009-4022"], "lastseen": "2018-04-06T11:36:00"}, {"id": "OPENVAS:1361412562310122397", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2010-0062", "description": "Oracle Linux Local Security Checks ELSA-2010-0062", "published": "2015-10-06T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122397", "cvelist": ["CVE-2010-0382", "CVE-2010-0290", "CVE-2010-0097", "CVE-2009-4022"], "lastseen": "2017-07-24T12:53:57"}, {"id": "OPENVAS:69014", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201006-11 (BIND)", "description": "The remote host is missing updates announced in\nadvisory GLSA 201006-11.", "published": "2011-03-09T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=69014", "cvelist": ["CVE-2010-0382", "CVE-2010-0290", "CVE-2010-0097", "CVE-2009-4022"], "lastseen": "2017-09-04T14:19:58"}], "debian": [{"id": "DSA-2054", "type": "debian", "title": "bind9 -- DNS cache poisoning", "description": "Several cache-poisoning vulnerabilities have been discovered in BIND. These vulnerabilities apply only if DNSSEC validation is enabled and trust anchors have been installed, which is not the default.\n\nThe Common Vulnerabilities and Exposures project identifies the following problems:\n\n * [CVE-2010-0097](<https://security-tracker.debian.org/tracker/CVE-2010-0097>)\n\nBIND does not properly validate DNSSEC NSEC records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.\n\n * [CVE-2010-0290](<https://security-tracker.debian.org/tracker/CVE-2010-0290>)\n\nWhen processing crafted responses containing CNAME or DNAME records, BIND is subject to a DNS cache poisoning vulnerability, provided that DNSSEC validation is enabled and trust anchors have been installed.\n\n * [CVE-2010-0382](<https://security-tracker.debian.org/tracker/CVE-2010-0382>)\n\nWhen processing certain responses containing out-of-bailiwick data, BIND is subject to a DNS cache poisoning vulnerability, provided that DNSSEC validation is enabled and trust anchors have been installed.\n\nIn addition, this update introduce a more conservative query behavior in the presence of repeated DNSSEC validation failures, addressing the \"roll over and die\" phenomenon. The new version also supports the cryptographic algorithm used by the upcoming signed ICANN DNS root (RSASHA256 from RFC 5702), and the NSEC3 secure denial of existence algorithm used by some signed top-level domains.\n\nThis update is based on a new upstream version of BIND 9, 9.6-ESV-R1. Because of the scope of changes, extra care is recommended when installing the update. Due to ABI changes, new Debian packages are included, and the update has to be installed using \"apt-get dist-upgrade\" (or an equivalent aptitude command).\n\nFor the stable distribution (lenny), these problems have been fixed in version 1:9.6.ESV.R1+dfsg-0+lenny1.\n\nFor the unstable distribution (sid), these problems have been fixed in version 1:9.7.0.dfsg-1.\n\nWe recommend that you upgrade your bind9 packages.", "published": "2010-06-04T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-2054", "cvelist": ["CVE-2010-0382", "CVE-2010-0290", "CVE-2010-0097"], "lastseen": "2016-09-02T18:28:15"}], "oraclelinux": [{"id": "ELSA-2010-0062", "type": "oraclelinux", "title": "bind security update", "description": "[30:9.3.6-4.P1.2]\n- NSEC validation code could cause wrong NXDOMAIN responses (#554851,\n CVE-2010-0097)\n- improve fix for CVE-2009-4022 (#538744)\n - {C,D}NAMEs could be returned to clients without proper DNSSEC validation\n - don't validate + cache out-of-bailiwick data returned with a secure answer.\n Refetch it instead. ", "published": "2010-01-20T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2010-0062.html", "cvelist": ["CVE-2010-0382", "CVE-2010-0290", "CVE-2010-0097", "CVE-2009-4022"], "lastseen": "2016-09-04T11:16:16"}], "gentoo": [{"id": "GLSA-201006-11", "type": "gentoo", "title": "BIND: Multiple vulnerabilities", "description": "### Background\n\nISC BIND is the Internet Systems Consortium implementation of the Domain Name System (DNS) protocol. \n\n### Description\n\nMultiple cache poisoning vulnerabilities were discovered in BIND. For further information please consult the CVE entries and the ISC Security Bulletin referenced below. \n\nNote: CVE-2010-0290 and CVE-2010-0382 exist because of an incomplete fix and a regression for CVE-2009-4022. \n\n### Impact\n\nAn attacker could exploit this weakness to poison the cache of a recursive resolver and thus spoof DNS traffic, which could e.g. lead to the redirection of web or mail traffic to malicious sites. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll BIND users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-dns/bind-9.4.3_p5\"", "published": "2010-06-01T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201006-11", "cvelist": ["CVE-2010-0382", "CVE-2010-0290", "CVE-2010-0097", "CVE-2009-4022"], "lastseen": "2016-09-06T19:46:00"}], "centos": [{"id": "CESA-2010:0062", "type": "centos", "title": "bind, caching security update", "description": "**CentOS Errata and Security Advisory** CESA-2010:0062\n\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. BIND includes a DNS server (named); a resolver\nlibrary (routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating correctly.\n\nA flaw was found in the BIND DNSSEC NSEC/NSEC3 validation code. If BIND was\nrunning as a DNSSEC-validating resolver, it could incorrectly cache\nNXDOMAIN responses, as if they were valid, for records proven by NSEC or\nNSEC3 to exist. A remote attacker could use this flaw to cause a BIND\nserver to return the bogus, cached NXDOMAIN responses for valid records and\nprevent users from retrieving those records (denial of service).\n(CVE-2010-0097)\n\nThe original fix for CVE-2009-4022 was found to be incomplete. BIND was\nincorrectly caching certain responses without performing proper DNSSEC\nvalidation. CNAME and DNAME records could be cached, without proper DNSSEC\nvalidation, when received from processing recursive client queries that\nrequested DNSSEC records but indicated that checking should be disabled. A\nremote attacker could use this flaw to bypass the DNSSEC validation check\nand perform a cache poisoning attack if the target BIND server was\nreceiving such client queries. (CVE-2010-0290)\n\nAll BIND users are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve these issues. After installing the\nupdate, the BIND daemon (named) will be restarted automatically.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-January/016477.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-January/016478.html\n\n**Affected packages:**\nbind\nbind-chroot\nbind-devel\nbind-libbind-devel\nbind-libs\nbind-sdb\nbind-utils\ncaching-nameserver\n\n**Upstream details at:**\n", "published": "2010-01-20T17:59:57", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2010-January/016477.html", "cvelist": ["CVE-2010-0382", "CVE-2010-0290", "CVE-2010-0097", "CVE-2009-4022"], "lastseen": "2017-10-03T18:25:48"}], "redhat": [{"id": "RHSA-2010:0062", "type": "redhat", "title": "(RHSA-2010:0062) Moderate: bind security update", "description": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. BIND includes a DNS server (named); a resolver\nlibrary (routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating correctly.\n\nA flaw was found in the BIND DNSSEC NSEC/NSEC3 validation code. If BIND was\nrunning as a DNSSEC-validating resolver, it could incorrectly cache\nNXDOMAIN responses, as if they were valid, for records proven by NSEC or\nNSEC3 to exist. A remote attacker could use this flaw to cause a BIND\nserver to return the bogus, cached NXDOMAIN responses for valid records and\nprevent users from retrieving those records (denial of service).\n(CVE-2010-0097)\n\nThe original fix for CVE-2009-4022 was found to be incomplete. BIND was\nincorrectly caching certain responses without performing proper DNSSEC\nvalidation. CNAME and DNAME records could be cached, without proper DNSSEC\nvalidation, when received from processing recursive client queries that\nrequested DNSSEC records but indicated that checking should be disabled. A\nremote attacker could use this flaw to bypass the DNSSEC validation check\nand perform a cache poisoning attack if the target BIND server was\nreceiving such client queries. (CVE-2010-0290)\n\nAll BIND users are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve these issues. After installing the\nupdate, the BIND daemon (named) will be restarted automatically.", "published": "2010-01-20T05:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0062", "cvelist": ["CVE-2009-4022", "CVE-2010-0097", "CVE-2010-0290", "CVE-2010-0382"], "lastseen": "2017-09-09T07:20:19"}], "vmware": [{"id": "VMSA-2010-0009", "type": "vmware", "title": "ESXi utilities and ESX Service Console third party updates", "description": "a. Service Console update for COS kernel \n \nUpdated COS package \"kernel\" addresses the security issues that are fixed through versions 2.6.18-164.11.1. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2695, CVE-2009-2908, CVE-2009-3228, CVE-2009-3286, CVE-2009-3547, CVE-2009-3613 to the security issues fixed in kernel 2.6.18-164.6.1 \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3612, CVE-2009-3620, CVE-2009-3621, CVE-2009-3726 to the security issues fixed in kernel 2.6.18-164.9.1. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-4567, CVE-2009-4536, CVE-2009-4537, CVE-2009-4538 to the security issues fixed in kernel 2.6.18-164.10.1 \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2006-6304, CVE-2009-2910, CVE-2009-3080, CVE-2009-3556, CVE-2009-3889, CVE-2009-3939, CVE-2009-4020, CVE-2009-4021, CVE-2009-4138, CVE-2009-4141, and CVE-2009-4272 to the security issues fixed in kernel 2.6.18-164.11.1. \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. \n\n", "published": "2010-05-27T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.vmware.com/security/advisories/VMSA-2010-0009.html", "cvelist": ["CVE-2009-3613", "CVE-2009-3556", "CVE-2009-1386", "CVE-2009-4537", "CVE-2009-1379", "CVE-2009-3939", "CVE-2009-1377", "CVE-2009-4272", "CVE-2009-3621", "CVE-2009-3726", "CVE-2009-2910", "CVE-2009-4355", "CVE-2009-4141", "CVE-2009-2409", "CVE-2009-3563", "CVE-2009-1387", "CVE-2010-0001", "CVE-2007-4567", "CVE-2010-0382", "CVE-2009-1378", "CVE-2010-0290", "CVE-2009-0590", "CVE-2009-3080", "CVE-2009-4538", "CVE-2009-3547", "CVE-2006-6304", "CVE-2009-4020", "CVE-2009-3620", "CVE-2010-0426", "CVE-2009-4536", "CVE-2010-0427", "CVE-2009-2908", "CVE-2009-1384", "CVE-2009-3228", "CVE-2009-3889", "CVE-2010-0097", "CVE-2009-4212", "CVE-2009-4021", "CVE-2009-3286", "CVE-2009-3612", "CVE-2009-3736", "CVE-2009-4138", "CVE-2009-2695"], "lastseen": "2016-09-04T11:19:30"}]}}
