Lucene search

Veracode Vulnerability DatabaseVERACODE:23949

HistoryApr 10, 2020 - 12:41 a.m.

Cache Poisoning Attack

2020-04-1000:41:27

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

JSON

bind is vulnerable to cache poisoning attack. The vulnerability exists as BIND was incorrectly caching responses without performing proper DNSSEC validation, when those responses were received during the resolution of a recursive client query that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries.

CPENameOperatorVersion
bindeq9.3.4__10.P1.el5
bindeq9.3.3__7.el5
bindeq9.3.4__6.0.2.P1.el5_2
bindeq9.3.4__6.P1.el5
bindeq9.3.4__10.P1.el5_3.3
bindeq9.3.4__10.P1.el5_3.2
bindeq9.3.3__10.el5
bindeq9.3.4__6.0.3.P1.el5_2
bindeq9.3.3__9.0.1.el5
bindeq9.3.4__6.0.1.P1.el5_2

Name	Operator	Version
bind	eq	9.3.4__10.P1.el5
bind	eq	9.3.3__7.el5
bind	eq	9.3.4__6.0.2.P1.el5_2
bind	eq	9.3.4__6.P1.el5
bind	eq	9.3.4__10.P1.el5_3.3
bind	eq	9.3.4__10.P1.el5_3.2
bind	eq	9.3.3__10.el5
bind	eq	9.3.4__6.0.3.P1.el5_2
bind	eq	9.3.3__9.0.1.el5
bind	eq	9.3.4__6.0.1.P1.el5_2

Rows per page:

1-10 of 241

References

aix.software.ibm.com/aix/efixes/security/bind9_advisory.asc

ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt

lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

lists.vmware.com/pipermail/security-announce/2010/000082.html

osvdb.org/60493

secunia.com/advisories/37426

secunia.com/advisories/37491

secunia.com/advisories/38219

secunia.com/advisories/38240

secunia.com/advisories/38794

secunia.com/advisories/38834

secunia.com/advisories/39334

secunia.com/advisories/40730

sunsolve.sun.com/search/document.do?assetkey=1-77-1021660.1-1

sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1

support.apple.com/kb/HT5002

wiki.rpath.com/wiki/Advisories:rPSA-2010-0018

www.ibm.com/support/docview.wss?uid=isg1IZ68597

www.ibm.com/support/docview.wss?uid=isg1IZ71667

www.ibm.com/support/docview.wss?uid=isg1IZ71774

www.kb.cert.org/vuls/id/418861

www.mandriva.com/security/advisories?name=MDVSA-2009:304

www.openwall.com/lists/oss-security/2009/11/24/1

www.openwall.com/lists/oss-security/2009/11/24/2

www.openwall.com/lists/oss-security/2009/11/24/8

www.redhat.com/security/updates/classification/#moderate

www.redhat.com/support/errata/RHSA-2009-1620.html

www.securityfocus.com/bid/37118

www.ubuntu.com/usn/USN-888-1

www.vupen.com/english/advisories/2009/3335

www.vupen.com/english/advisories/2010/0176

www.vupen.com/english/advisories/2010/0528

www.vupen.com/english/advisories/2010/0622

access.redhat.com/errata/RHSA-2009:1620

bugzilla.redhat.com/show_bug.cgi?id=538744

exchange.xforce.ibmcloud.com/vulnerabilities/54416

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488

issues.rpath.com/browse/RPL-3152

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10821

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11745

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7261

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7459

www.isc.org/advisories/CVE-2009-4022v6

www.isc.org/advisories/CVE2009-4022

www.redhat.com/archives/fedora-package-announce/2009-November/msg01172.html

www.redhat.com/archives/fedora-package-announce/2009-November/msg01188.html

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

JSON

Cache Poisoning Attack

References

Related