Lucene search

PRIOn knowledge basePRION:CVE-2009-4022

HistoryNov 25, 2009 - 4:30 p.m.

Design/Logic Flaw

2009-11-2516:30:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.013 Low

EPSS

Percentile

85.4%

JSON

Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed “at the same time as requesting DNSSEC records (DO),” aka Bug 20438.

CPENameOperatorVersion
bindeq9.2.0 rc7
bindeq9.1.1 rc6
bindeq9.3.1 rc1
bindeq9.5.0 a6
bindeq9.1.1
bindeq9.4.3 b1
bindeq9.2.3 rc2
bindeq9.1.3
bindeq9.5.1 b2
bindeq9.7.0 rc2

Name	Operator	Version
bind	eq	9.2.0 rc7
bind	eq	9.1.1 rc6
bind	eq	9.3.1 rc1
bind	eq	9.5.0 a6
bind	eq	9.1.1
bind	eq	9.4.3 b1
bind	eq	9.2.3 rc2
bind	eq	9.1.3
bind	eq	9.5.1 b2
bind	eq	9.7.0 rc2

Rows per page:

1-10 of 1691

References

ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt

aix.software.ibm.com/aix/efixes/security/bind9_advisory.asc

lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

lists.vmware.com/pipermail/security-announce/2010/000082.html

osvdb.org/60493

secunia.com/advisories/37426

secunia.com/advisories/37491

secunia.com/advisories/38219

secunia.com/advisories/38240

secunia.com/advisories/38794

secunia.com/advisories/38834

secunia.com/advisories/39334

secunia.com/advisories/40730

sunsolve.sun.com/search/document.do?assetkey=1-77-1021660.1-1

sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1

support.apple.com/kb/HT5002

wiki.rpath.com/wiki/Advisories:rPSA-2010-0018

www.ibm.com/support/docview.wss?uid=isg1IZ68597

www.ibm.com/support/docview.wss?uid=isg1IZ71667

www.ibm.com/support/docview.wss?uid=isg1IZ71774

www.kb.cert.org/vuls/id/418861

www.mandriva.com/security/advisories?name=MDVSA-2009:304

www.openwall.com/lists/oss-security/2009/11/24/1

www.openwall.com/lists/oss-security/2009/11/24/2

www.openwall.com/lists/oss-security/2009/11/24/8

www.redhat.com/support/errata/RHSA-2009-1620.html

www.securityfocus.com/bid/37118

www.ubuntu.com/usn/USN-888-1

www.vupen.com/english/advisories/2009/3335

www.vupen.com/english/advisories/2010/0176

www.vupen.com/english/advisories/2010/0528

www.vupen.com/english/advisories/2010/0622

bugzilla.redhat.com/show_bug.cgi?id=538744

exchange.xforce.ibmcloud.com/vulnerabilities/54416

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488

issues.rpath.com/browse/RPL-3152

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10821

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11745

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7261

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7459

www.isc.org/advisories/CVE-2009-4022v6

www.isc.org/advisories/CVE2009-4022

www.redhat.com/archives/fedora-package-announce/2009-November/msg01172.html

www.redhat.com/archives/fedora-package-announce/2009-November/msg01188.html

6.4 Medium

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.013 Low

EPSS

Percentile

85.4%

JSON

Related for PRION:CVE-2009-4022