ID CVE-2009-4022
Summary Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
References
Vulnerable Configurations
  • ISC BIND 9.7.0 Release Candidate 2
    cpe:2.3:a:isc:bind:9.7.0:rc2
  • ISC BIND 9.7.0 Release Candidate 1
    cpe:2.3:a:isc:bind:9.7.0:rc1
  • ISC BIND 9.7.0 p1
    cpe:2.3:a:isc:bind:9.7.0:p1
  • ISC BIND 9.7.0 Beta 3
    cpe:2.3:a:isc:bind:9.7.0:b3
  • ISC BIND 9.7.0 Beta 2
    cpe:2.3:a:isc:bind:9.7.0:b2
  • ISC BIND 9.7.0 Beta 1
    cpe:2.3:a:isc:bind:9.7.0:b1
  • ISC BIND 9.7.0 Alpha 3
    cpe:2.3:a:isc:bind:9.7.0:a3
  • ISC BIND 9.7.0 Alpha 2
    cpe:2.3:a:isc:bind:9.7.0:a2
  • ISC BIND 9.7.0 Alpha 1
    cpe:2.3:a:isc:bind:9.7.0:a1
  • ISC BIND 9.7.0
    cpe:2.3:a:isc:bind:9.7.0
  • ISC BIND 9.6.1 Release Candidate 1
    cpe:2.3:a:isc:bind:9.6.1:rc1
  • ISC BIND 9.6.1 P1
    cpe:2.3:a:isc:bind:9.6.1:p1
  • ISC BIND 9.6.1 Beta 1
    cpe:2.3:a:isc:bind:9.6.1:b1
  • ISC BIND 9.6.1
    cpe:2.3:a:isc:bind:9.6.1
  • ISC BIND 9.6.0 rc2
    cpe:2.3:a:isc:bind:9.6.0:rc2
  • ISC BIND 9.6.0 rc1
    cpe:2.3:a:isc:bind:9.6.0:rc1
  • ISC BIND 9.6.0 p1
    cpe:2.3:a:isc:bind:9.6.0:p1
  • ISC BIND 9.6.0 Beta 1
    cpe:2.3:a:isc:bind:9.6.0:b1
  • ISC BIND 9.6.0 Alpha 1
    cpe:2.3:a:isc:bind:9.6.0:a1
  • ISC BIND 9.6.0
    cpe:2.3:a:isc:bind:9.6.0
  • ISC BIND 9.5.2 release candidate 1
    cpe:2.3:a:isc:bind:9.5.2:rc1
  • ISC BIND 9.5.2 Beta 1
    cpe:2.3:a:isc:bind:9.5.2:b1
  • ISC BIND 9.5.2
    cpe:2.3:a:isc:bind:9.5.2
  • ISC BIND 9.5.1 rc2
    cpe:2.3:a:isc:bind:9.5.1:rc2
  • ISC BIND 9.5.1 rc1
    cpe:2.3:a:isc:bind:9.5.1:rc1
  • ISC BIND 9.5.1 Beta 3
    cpe:2.3:a:isc:bind:9.5.1:b3
  • ISC BIND 9.5.1 Beta 2
    cpe:2.3:a:isc:bind:9.5.1:b2
  • ISC BIND 9.5.1 Beta 1
    cpe:2.3:a:isc:bind:9.5.1:b1
  • ISC BIND 9.5.1
    cpe:2.3:a:isc:bind:9.5.1
  • ISC BIND 9.5.0 rc1
    cpe:2.3:a:isc:bind:9.5.0:rc1
  • ISC BIND 9.5.0 Patch 2 W2
    cpe:2.3:a:isc:bind:9.5.0:p2_w2
  • ISC BIND 9.5.0 Patch 2 W1
    cpe:2.3:a:isc:bind:9.5.0:p2_w1
  • ISC BIND 9.5.0 Patch 2
    cpe:2.3:a:isc:bind:9.5.0:p2
  • ISC BIND 9.5.0 Patch 1
    cpe:2.3:a:isc:bind:9.5.0:p1
  • ISC BIND 9.5.0 Beta 3
    cpe:2.3:a:isc:bind:9.5.0:b3
  • ISC BIND 9.5.0 Beta 2
    cpe:2.3:a:isc:bind:9.5.0:b2
  • ISC BIND 9.5.0 Beta 1
    cpe:2.3:a:isc:bind:9.5.0:b1
  • ISC BIND 9.5.0 Alpha 7
    cpe:2.3:a:isc:bind:9.5.0:a7
  • ISC BIND 9.5.0 Alpha 6
    cpe:2.3:a:isc:bind:9.5.0:a6
  • ISC BIND 9.5.0 Alpha 5
    cpe:2.3:a:isc:bind:9.5.0:a5
  • ISC BIND 9.5.0 Alpha 4
    cpe:2.3:a:isc:bind:9.5.0:a4
  • ISC BIND 9.5.0 Alpha 3
    cpe:2.3:a:isc:bind:9.5.0:a3
  • ISC BIND 9.5.0 Alpha 2
    cpe:2.3:a:isc:bind:9.5.0:a2
  • ISC BIND 9.5.0 Alpha 1
    cpe:2.3:a:isc:bind:9.5.0:a1
  • ISC BIND 9.5.0
    cpe:2.3:a:isc:bind:9.5.0
  • ISC BIND 9.4.3 rc1
    cpe:2.3:a:isc:bind:9.4.3:rc1
  • ISC BIND 9.4.3 Patch 3
    cpe:2.3:a:isc:bind:9.4.3:p3
  • ISC BIND 9.4.3 Patch 2
    cpe:2.3:a:isc:bind:9.4.3:p2
  • ISC BIND 9.4.3 Patch 1
    cpe:2.3:a:isc:bind:9.4.3:p1
  • ISC BIND 9.4.3 Beta 3
    cpe:2.3:a:isc:bind:9.4.3:b3
  • ISC BIND 9.4.3 Beta 2
    cpe:2.3:a:isc:bind:9.4.3:b2
  • ISC BIND 9.4.3 Beta 1
    cpe:2.3:a:isc:bind:9.4.3:b1
  • ISC BIND 9.4.3
    cpe:2.3:a:isc:bind:9.4.3
  • ISC BIND 9.4.2 Release Candidate 2
    cpe:2.3:a:isc:bind:9.4.2:rc2
  • ISC BIND 9.4.2 Release Candidate 1
    cpe:2.3:a:isc:bind:9.4.2:rc1
  • ISC BIND 9.4.2
    cpe:2.3:a:isc:bind:9.4.2
  • ISC BIND 9.4.1
    cpe:2.3:a:isc:bind:9.4.1
  • ISC BIND 9.4.0 Release Candidate 2
    cpe:2.3:a:isc:bind:9.4.0:rc2
  • ISC BIND 9.4.0rc1
    cpe:2.3:a:isc:bind:9.4.0:rc1
  • ISC BIND 9.4.0 Beta 4
    cpe:2.3:a:isc:bind:9.4.0:b4
  • ISC BIND 9.4.0 Beta 3
    cpe:2.3:a:isc:bind:9.4.0:b3
  • ISC BIND 9.4.0 Beta 2
    cpe:2.3:a:isc:bind:9.4.0:b2
  • ISC BIND 9.4.0 Beta 1
    cpe:2.3:a:isc:bind:9.4.0:b1
  • ISC BIND 9.4.0 Alpha 6
    cpe:2.3:a:isc:bind:9.4.0:a6
  • ISC BIND 9.4.0 Alpha 5
    cpe:2.3:a:isc:bind:9.4.0:a5
  • ISC BIND 9.4.0 Alpha 4
    cpe:2.3:a:isc:bind:9.4.0:a4
  • ISC BIND 9.4.0 Alpha 3
    cpe:2.3:a:isc:bind:9.4.0:a3
  • ISC BIND 9.4.0 Alpha 2
    cpe:2.3:a:isc:bind:9.4.0:a2
  • ISC BIND 9.4.0 Alpha 1
    cpe:2.3:a:isc:bind:9.4.0:a1
  • ISC BIND 9.4.0
    cpe:2.3:a:isc:bind:9.4.0
  • ISC BIND 9.3.6 Release Candidate 1
    cpe:2.3:a:isc:bind:9.3.6:rc1
  • ISC BIND 9.3.6
    cpe:2.3:a:isc:bind:9.3.6
  • ISC BIND 9.3.5 Release Candidate 2
    cpe:2.3:a:isc:bind:9.3.5:rc2
  • ISC BIND 9.3.5 Release Candidate 1
    cpe:2.3:a:isc:bind:9.3.5:rc1
  • ISC BIND 9.3.5
    cpe:2.3:a:isc:bind:9.3.5
  • ISC BIND 9.3.4
    cpe:2.3:a:isc:bind:9.3.4
  • ISC BIND 9.3.3 Release Candidate 3
    cpe:2.3:a:isc:bind:9.3.3:rc3
  • ISC BIND 9.3.3 Release Candidate 2
    cpe:2.3:a:isc:bind:9.3.3:rc2
  • ISC BIND 9.3.3 Release Candidate 1
    cpe:2.3:a:isc:bind:9.3.3:rc1
  • ISC BIND 9.3.3
    cpe:2.3:a:isc:bind:9.3.3
  • ISC BIND 9.3.2 Release Candidate 1
    cpe:2.3:a:isc:bind:9.3.2:rc1
  • ISC BIND 9.3.2
    cpe:2.3:a:isc:bind:9.3.2
  • ISC BIND 9.3.1 Release Candidate 1
    cpe:2.3:a:isc:bind:9.3.1:rc1
  • ISC BIND 9.3.1 Beta 2
    cpe:2.3:a:isc:bind:9.3.1:b2
  • ISC BIND 9.3.1
    cpe:2.3:a:isc:bind:9.3.1
  • ISC BIND 9.3.0 Release Candidate 4
    cpe:2.3:a:isc:bind:9.3.0:rc4
  • ISC BIND 9.3.0 Release Candidate 3
    cpe:2.3:a:isc:bind:9.3.0:rc3
  • ISC BIND 9.3.0 Release Candidate 2
    cpe:2.3:a:isc:bind:9.3.0:rc2
  • ISC BIND 9.3.0 Release Candidate 1
    cpe:2.3:a:isc:bind:9.3.0:rc1
  • ISC BIND 9.3.0 Beta 4
    cpe:2.3:a:isc:bind:9.3.0:b4
  • ISC BIND 9.3.0 Beta 3
    cpe:2.3:a:isc:bind:9.3.0:b3
  • ISC BIND 9.3.0 Beta 2
    cpe:2.3:a:isc:bind:9.3.0:b2
  • ISC BIND 9.3.0
    cpe:2.3:a:isc:bind:9.3.0
  • ISC BIND 9.3
    cpe:2.3:a:isc:bind:9.3
  • ISC BIND 9.2.9 Release Candidate 1
    cpe:2.3:a:isc:bind:9.2.9:rc1
  • ISC BIND 9.2.9
    cpe:2.3:a:isc:bind:9.2.9
  • ISC BIND 9.2.8
    cpe:2.3:a:isc:bind:9.2.8
  • ISC BIND 9.2.7 Release Candidate 3
    cpe:2.3:a:isc:bind:9.2.7:rc3
  • ISC BIND 9.2.7 Release Candidate 2
    cpe:2.3:a:isc:bind:9.2.7:rc2
  • ISC BIND 9.2.7 Release Candidate 1
    cpe:2.3:a:isc:bind:9.2.7:rc1
  • ISC BIND 9.2.7
    cpe:2.3:a:isc:bind:9.2.7
  • ISC BIND 9.2.6 Release Candidate 1
    cpe:2.3:a:isc:bind:9.2.6:rc1
  • ISC BIND 9.2.6
    cpe:2.3:a:isc:bind:9.2.6
  • ISC BIND 9.2.5 Release Candidate 1
    cpe:2.3:a:isc:bind:9.2.5:rc1
  • ISC BIND 9.2.5 Beta 2
    cpe:2.3:a:isc:bind:9.2.5:b2
  • ISC BIND 9.2.5
    cpe:2.3:a:isc:bind:9.2.5
  • ISC BIND 9.2.4 Release Candidate 8
    cpe:2.3:a:isc:bind:9.2.4:rc8
  • ISC BIND 9.2.4 Release Candidate 7
    cpe:2.3:a:isc:bind:9.2.4:rc7
  • ISC BIND 9.2.4 Release Candidate 6
    cpe:2.3:a:isc:bind:9.2.4:rc6
  • ISC BIND 9.2.4 Release Candidate 5
    cpe:2.3:a:isc:bind:9.2.4:rc5
  • ISC BIND 9.2.4 Release Candidate 4
    cpe:2.3:a:isc:bind:9.2.4:rc4
  • ISC BIND 9.2.4 Release Candidate 3
    cpe:2.3:a:isc:bind:9.2.4:rc3
  • ISC BIND 9.2.4 Release Candidate 2
    cpe:2.3:a:isc:bind:9.2.4:rc2
  • ISC BIND 9.2.4
    cpe:2.3:a:isc:bind:9.2.4
  • ISC BIND 9.2.3 Release Candidate 4
    cpe:2.3:a:isc:bind:9.2.3:rc4
  • ISC BIND 9.2.3 Release Candidate 3
    cpe:2.3:a:isc:bind:9.2.3:rc3
  • ISC BIND 9.2.3 Release Candidate 2
    cpe:2.3:a:isc:bind:9.2.3:rc2
  • ISC BIND 9.2.3 Release Candidate 1
    cpe:2.3:a:isc:bind:9.2.3:rc1
  • ISC BIND 9.2.3
    cpe:2.3:a:isc:bind:9.2.3
  • ISC BIND 9.2.2 Release Candidate 1
    cpe:2.3:a:isc:bind:9.2.2:rc1
  • ISC BIND 9.2.2 P3
    cpe:2.3:a:isc:bind:9.2.2:p3
  • ISC BIND 9.2.2 Patch 2
    cpe:2.3:a:isc:bind:9.2.2:p2
  • ISC BIND 9.2.2
    cpe:2.3:a:isc:bind:9.2.2
  • ISC BIND 9.2.1 Release Candidate 2
    cpe:2.3:a:isc:bind:9.2.1:rc2
  • ISC BIND 9.2.1 Release Candidate 1
    cpe:2.3:a:isc:bind:9.2.1:rc1
  • ISC BIND 9.2.1
    cpe:2.3:a:isc:bind:9.2.1
  • ISC BIND 9.2.0 Release Candidate 9
    cpe:2.3:a:isc:bind:9.2.0:rc9
  • ISC BIND 9.2.0 Release Candidate 8
    cpe:2.3:a:isc:bind:9.2.0:rc8
  • ISC BIND 9.2.0 Release Candidate 7
    cpe:2.3:a:isc:bind:9.2.0:rc7
  • ISC BIND 9.2.0 Release Candidate 6
    cpe:2.3:a:isc:bind:9.2.0:rc6
  • ISC BIND 9.2.0 Release Candidate 5
    cpe:2.3:a:isc:bind:9.2.0:rc5
  • ISC BIND 9.2.0 Release Candidate 4
    cpe:2.3:a:isc:bind:9.2.0:rc4
  • ISC BIND 9.2.0 Release Candidate 3
    cpe:2.3:a:isc:bind:9.2.0:rc3
  • ISC BIND 9.2.0 Release Candidate 2
    cpe:2.3:a:isc:bind:9.2.0:rc2
  • ISC BIND 9.2.0 Release Candidate 10
    cpe:2.3:a:isc:bind:9.2.0:rc10
  • ISC BIND 9.2.0 Release Candidate 1
    cpe:2.3:a:isc:bind:9.2.0:rc1
  • ISC BIND 9.2.0 Beta 2
    cpe:2.3:a:isc:bind:9.2.0:b2
  • ISC BIND 9.2.0 Beta 1
    cpe:2.3:a:isc:bind:9.2.0:b1
  • ISC BIND 9.2.0 Alpha 3
    cpe:2.3:a:isc:bind:9.2.0:a3
  • ISC BIND 9.2.0 Alpha 2
    cpe:2.3:a:isc:bind:9.2.0:a2
  • ISC BIND 9.2.0 Alpha 1
    cpe:2.3:a:isc:bind:9.2.0:a1
  • ISC BIND 9.2.0
    cpe:2.3:a:isc:bind:9.2.0
  • ISC BIND 9.2
    cpe:2.3:a:isc:bind:9.2
  • ISC BIND 9.1.3 Release Candidate 3
    cpe:2.3:a:isc:bind:9.1.3:rc3
  • ISC BIND 9.1.3 Release Candidate 2
    cpe:2.3:a:isc:bind:9.1.3:rc2
  • ISC BIND 9.1.3 Release Candidate 1
    cpe:2.3:a:isc:bind:9.1.3:rc1
  • ISC BIND 9.1.3
    cpe:2.3:a:isc:bind:9.1.3
  • ISC BIND 9.1.2 Release Candidate 1
    cpe:2.3:a:isc:bind:9.1.2:rc1
  • ISC BIND 9.1.2
    cpe:2.3:a:isc:bind:9.1.2
  • ISC BIND 9.1.1 Release Candidate 7
    cpe:2.3:a:isc:bind:9.1.1:rc7
  • ISC BIND 9.1.1 Release Candidate 6
    cpe:2.3:a:isc:bind:9.1.1:rc6
  • ISC BIND 9.1.1 Release Candidate 5
    cpe:2.3:a:isc:bind:9.1.1:rc5
  • ISC BIND 9.1.1 Release Candidate 4
    cpe:2.3:a:isc:bind:9.1.1:rc4
  • ISC BIND 9.1.1 Release Candidate 3
    cpe:2.3:a:isc:bind:9.1.1:rc3
  • ISC BIND 9.1.1 Release Candidate 2
    cpe:2.3:a:isc:bind:9.1.1:rc2
  • ISC BIND 9.1.1 Release Candidate 1
    cpe:2.3:a:isc:bind:9.1.1:rc1
  • ISC BIND 9.1.1
    cpe:2.3:a:isc:bind:9.1.1
  • ISC BIND 9.1.0 Release Candidate 1
    cpe:2.3:a:isc:bind:9.1.0:rc1
  • ISC BIND 9.1
    cpe:2.3:a:isc:bind:9.1
  • ISC BIND 9.0.1 Release Candidate 2
    cpe:2.3:a:isc:bind:9.0.1:rc2
  • ISC BIND 9.0.1 Release Candidate 1
    cpe:2.3:a:isc:bind:9.0.1:rc1
  • ISC BIND 9.0.1
    cpe:2.3:a:isc:bind:9.0.1
  • ISC BIND 9.0.0 Release Candidate 6
    cpe:2.3:a:isc:bind:9.0.0:rc6
  • ISC BIND 9.0.0 Release Candidate 5
    cpe:2.3:a:isc:bind:9.0.0:rc5
  • ISC BIND 9.0.0 Release Candidate 4
    cpe:2.3:a:isc:bind:9.0.0:rc4
  • ISC BIND 9.0.0 Release Candidate 3
    cpe:2.3:a:isc:bind:9.0.0:rc3
  • ISC BIND 9.0.0 Release Candidate 2
    cpe:2.3:a:isc:bind:9.0.0:rc2
  • ISC BIND 9.0.0 Release Candidate 1
    cpe:2.3:a:isc:bind:9.0.0:rc1
  • ISC BIND 9.0
    cpe:2.3:a:isc:bind:9.0
CVSS
Base: 2.6 (as of 24-08-2016 - 13:37)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201006-11.NASL
    description The remote host is affected by the vulnerability described in GLSA-201006-11 (BIND: Multiple vulnerabilities) Multiple cache poisoning vulnerabilities were discovered in BIND. For further information please consult the CVE entries and the ISC Security Bulletin referenced below. Note: CVE-2010-0290 and CVE-2010-0382 exist because of an incomplete fix and a regression for CVE-2009-4022. Impact : An attacker could exploit this weakness to poison the cache of a recursive resolver and thus spoof DNS traffic, which could e.g. lead to the redirection of web or mail traffic to malicious sites. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 46778
    published 2010-06-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46778
    title GLSA-201006-11 : BIND: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_BIND-091127.NASL
    description The bind DNS server was updated to close a possible cache poisoning vulnerability which allowed to bypass DNSSEC. CVE-2009-4022: CVSS v2 Base Score: 2.6
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 42951
    published 2009-12-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42951
    title openSUSE Security Update : bind (bind-1615)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2010-176-01.NASL
    description New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues when DNSSEC is enabled (which is not the default setting).
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 54879
    published 2011-05-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=54879
    title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 8.1 / 9.0 / 9.1 / current : bind (SSA:2010-176-01)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20091130_BIND_ON_SL5_X.NASL
    description CVE-2009-4022 bind: cache poisoning using not validated DNSSEC responses Michael Sinatra discovered that BIND was incorrectly caching responses without performing proper DNSSEC validation, when those responses were received during the resolution of a recursive client query that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries. (CVE-2009-4022) After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60697
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60697
    title Scientific Linux Security Update : bind on SL5.x i386/x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-1620.NASL
    description From Red Hat Security Advisory 2009:1620 : Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Michael Sinatra discovered that BIND was incorrectly caching responses without performing proper DNSSEC validation, when those responses were received during the resolution of a recursive client query that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries. (CVE-2009-4022) All BIND users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67965
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67965
    title Oracle Linux 5 : bind (ELSA-2009-1620)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL15787.NASL
    description ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022.
    last seen 2019-02-21
    modified 2019-01-04
    plugin id 78835
    published 2014-11-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78835
    title F5 Networks BIG-IP : BIND vulnerability (SOL15787)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2010-0004_REMOTE.NASL
    description The remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - bind - expat - glib2 - Kernel - newt - nfs-utils - NTP - OpenSSH - OpenSSL
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 89737
    published 2016-03-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89737
    title VMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2010-0004) (remote check)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1961.NASL
    description Michael Sinatra discovered that the DNS resolver component in BIND does not properly check DNS records contained in additional sections of DNS responses, leading to a cache poisoning vulnerability. This vulnerability is only present in resolvers which have been configured with DNSSEC trust anchors, which is still rare. Note that this update contains an internal ABI change, which means that all BIND-related packages (bind9, dnsutils and the library packages) must be updated at the same time (preferably using 'apt-get update' and 'apt-get upgrade'). In the unlikely event that you have compiled your own software against libdns, you must recompile this programs, too.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44826
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44826
    title Debian DSA-1961-1 : bind9 - DNS cache poisoning
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_BIND-091127.NASL
    description The bind DNS server was updated to close a possible cache poisoning vulnerability which allowed to bypass DNSSEC. CVE-2009-4022: CVSS v2 Base Score: 2.6
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 42954
    published 2009-12-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42954
    title openSUSE Security Update : bind (bind-1615)
  • NASL family DNS
    NASL id BIND9_DNSSEC_CACHE_POISONING.NASL
    description According to its version number, the remote installation of BIND suffers from a cache poisoning vulnerability. This issue affects all versions prior to 9.4.3-P5, 9.5.2-P2 or 9.6.1-P3. Note that only nameservers that allow recursive queries and validate DNSSEC records are affected. Nessus has not attempted to verify if this configuration applies to the remote service, though, so this could be a false positive.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 42983
    published 2009-12-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42983
    title ISC BIND 9 DNSSEC Cache Poisoning
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1620.NASL
    description Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Michael Sinatra discovered that BIND was incorrectly caching responses without performing proper DNSSEC validation, when those responses were received during the resolution of a recursive client query that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries. (CVE-2009-4022) All BIND users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 42946
    published 2009-12-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42946
    title RHEL 5 : bind (RHSA-2009:1620)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL15748.NASL
    description Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022. (CVE-2010-0290)
    last seen 2019-02-21
    modified 2019-01-04
    plugin id 78697
    published 2014-10-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78697
    title F5 Networks BIG-IP : BIND vulnerability (SOL15748)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-021.NASL
    description Some vulnerabilities were discovered and corrected in bind : The original fix for CVE-2009-4022 was found to be incomplete. BIND was incorrectly caching certain responses without performing proper DNSSEC validation. CNAME and DNAME records could be cached, without proper DNSSEC validation, when received from processing recursive client queries that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries (CVE-2010-0290). There was an error in the DNSSEC NSEC/NSEC3 validation code that could cause bogus NXDOMAIN responses (that is, NXDOMAIN responses for records proven by NSEC or NSEC3 to exist) to be cached as if they had validated correctly, so that future queries to the resolver would return the bogus NXDOMAIN with the AD flag set (CVE-2010-0097). ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022 (CVE-2010-0382). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. Additionally BIND has been upgraded to the latest patch release version.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 44102
    published 2010-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44102
    title Mandriva Linux Security Advisory : bind (MDVSA-2010:021)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_40339.NASL
    description s700_800 11.23 BIND 9.2.0 Revision 5.0 : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX running BIND. The vulnerability could be exploited remotely to create a Denial of Service (DoS) and permit unauthorized disclosure of information. (HPSBUX02546 SSRT100159) - A potential security vulnerability has been identified with HP-UX running BIND. The vulnerability could be exploited remotely to create a Denial of Service (DoS). (HPSBUX02451 SSRT090137)
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 46813
    published 2010-06-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46813
    title HP-UX PHNE_40339 : s700_800 11.23 BIND 9.2.0 Revision 5.0
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-888-1.NASL
    description It was discovered that Bind would incorrectly cache bogus NXDOMAIN responses. When DNSSEC validation is in use, a remote attacker could exploit this to cause a denial of service, and possibly poison DNS caches. (CVE-2010-0097) USN-865-1 provided updated Bind packages to fix a security vulnerability. The upstream security patch to fix CVE-2009-4022 was incomplete and CVE-2010-0290 was assigned to the issue. This update corrects the problem. Michael Sinatra discovered that Bind did not correctly validate certain records added to its cache. When DNSSEC validation is in use, a remote attacker could exploit this to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 44106
    published 2010-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44106
    title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : bind9 vulnerabilities (USN-888-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-304.NASL
    description Some vulnerabilities were discovered and corrected in php : PHP 5.2.11, and 5.3.x before 5.3.1, does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive (CVE-2009-4017). The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable (CVE-2009-4018). The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 42918
    published 2009-11-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42918
    title Mandriva Linux Security Advisory : php (MDVSA-2009:304)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_BIND-091127.NASL
    description The bind DNS server was updated to close a possible cache poisoning vulnerability which allowed to bypass DNSSEC. CVE-2009-4022: CVSS v2 Base Score: 2.6
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 42949
    published 2009-12-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42949
    title openSUSE Security Update : bind (bind-1615)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2010-0004.NASL
    description a. vMA and Service Console update for newt to 0.52.2-12.el5_4.1 Newt is a programming library for color text mode, widget based user interfaces. Newt can be used to add stacked windows, entry widgets, checkboxes, radio buttons, labels, plain text fields, scrollbars, etc., to text mode user interfaces. A heap-based buffer overflow flaw was found in the way newt processes content that is to be displayed in a text dialog box. A local attacker could issue a specially crafted text dialog box display request (direct or via a custom application), leading to a denial of service (application crash) or, potentially, arbitrary code execution with the privileges of the user running the application using the newt library. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-2905 to this issue. b. vMA and Service Console update for vMA package nfs-utils to 1.0.9-42.el5 The nfs-utils package provides a daemon for the kernel NFS server and related tools. It was discovered that nfs-utils did not use tcp_wrappers correctly. Certain hosts access rules defined in '/etc/hosts.allow' and '/etc/hosts.deny' may not have been honored, possibly allowing remote attackers to bypass intended access restrictions. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-4552 to this issue. c. vMA and Service Console package glib2 updated to 2.12.3-4.el5_3.1 GLib is the low-level core library that forms the basis for projects such as GTK+ and GNOME. It provides data structure handling for C, portability wrappers, and interfaces for such runtime functionality as an event loop, threads, dynamic loading, and an object system. Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either from or to a base64 representation. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-4316 to this issue. d. vMA and Service Console update for openssl to 0.9.8e-12.el5 SSL is a toolkit implementing SSL v2/v3 and TLS protocols with full- strength cryptography world-wide. Multiple denial of service flaws were discovered in OpenSSL's DTLS implementation. A remote attacker could use these flaws to cause a DTLS server to use excessive amounts of memory, or crash on an invalid memory access or NULL pointer dereference. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386, CVE-2009-1387 to these issues. An input validation flaw was found in the handling of the BMPString and UniversalString ASN1 string types in OpenSSL's ASN1_STRING_print_ex() function. An attacker could use this flaw to create a specially crafted X.509 certificate that could cause applications using the affected function to crash when printing certificate contents. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0590 to this issue. e. vMA and Service Console package bind updated to 9.3.6-4.P1.el5_4.1 It was discovered that BIND was incorrectly caching responses without performing proper DNSSEC validation, when those responses were received during the resolution of a recursive client query that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-4022 to this issue. f. vMA and Service Console package expat updated to 1.95.8-8.3.el5_4.2. Two buffer over-read flaws were found in the way Expat handled malformed UTF-8 sequences when processing XML files. A specially- crafted XML file could cause applications using Expat to fail while parsing the file. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2009-3560 and CVE-2009-3720 to these issues. g. vMA and Service Console package openssh update to 4.3p2-36.el5_4.2 A Red Hat specific patch used in the openssh packages as shipped in Red Hat Enterprise Linux 5.4 (RHSA-2009:1287) loosened certain ownership requirements for directories used as arguments for the ChrootDirectory configuration options. A malicious user that also has or previously had non-chroot shell access to a system could possibly use this flaw to escalate their privileges and run commands as any system user. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-2904 to this issue. h. vMA and Service Console package ntp updated to ntp-4.2.2p1-9.el5_4.1.i386.rpm A flaw was discovered in the way ntpd handled certain malformed NTP packets. ntpd logged information about all such packets and replied with an NTP packet that was treated as malformed when received by another ntpd. A remote attacker could use this flaw to create an NTP packet reply loop between two ntpd servers through a malformed packet with a spoofed source IP address and port, causing ntpd on those servers to use excessive amounts of CPU time and fill disk space with log messages. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-3563 to this issue. i. vMA update for package kernel to 2.6.18-164.9.1.el5 Updated vMA package kernel addresses the security issues listed below. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-2849 to the security issue fixed in kernel 2.6.18-128.2.1 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2695, CVE-2009-2908, CVE-2009-3228, CVE-2009-3286, CVE-2009-3547, CVE-2009-3613 to the security issues fixed in kernel 2.6.18-128.6.1 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3612, CVE-2009-3620, CVE-2009-3621, CVE-2009-3726 to the security issues fixed in kernel 2.6.18-128.9.1 j. vMA 4.0 updates for the packages kpartx, libvolume-id, device-mapper-multipath, fipscheck, dbus, dbus-libs, and ed kpartx updated to 0.4.7-23.el5_3.4, libvolume-id updated to 095-14.20.el5 device-mapper-multipath package updated to 0.4.7-23.el5_3.4, fipscheck updated to 1.0.3-1.el5, dbus updated to 1.1.2-12.el5, dbus-libs updated to 1.1.2-12.el5, and ed package updated to 0.2-39.el5_2. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2008-3916, CVE-2009-1189 and CVE-2009-0115 to these issues.
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 44993
    published 2010-03-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44993
    title VMSA-2010-0004 : ESX Service Console and vMA third-party updates
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-313.NASL
    description Some vulnerabilities were discovered and corrected in bind : Unspecified vulnerability in ISC BIND 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, 9.7 beta before 9.7.0b3, and 9.0.x through 9.3.x with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks via additional sections in a response sent for resolution of a recursive client query, which is not properly handled when the response is processed at the same time as requesting DNSSEC records (DO). (CVE-2009-4022). Additionally BIND has been upgraded to the latest point release or closest supported version by ISC. Update : Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 42999
    published 2009-12-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42999
    title Mandriva Linux Security Advisory : bind (MDVSA-2009:313-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-12218.NASL
    description Update to 9.6.1-P2 release which contains following fix: * Additional section of response could be cached without successful DNSSEC validation even if DNSSEC validation is enabled Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 42910
    published 2009-11-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42910
    title Fedora 11 : bind-9.6.1-7.P2.fc11 (2009-12218)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2009-336-01.NASL
    description New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, and -current to fix a security issue.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 54874
    published 2011-05-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=54874
    title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 8.1 / 9.0 / 9.1 / current : bind (SSA:2009-336-01)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_BIND-091127.NASL
    description The bind DNS server was updated to close a possible cache poisoning vulnerability which allowed to bypass DNSSEC. CVE-2009-4022: CVSS v2 Base Score: 2.6
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 42956
    published 2009-12-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42956
    title SuSE 11 Security Update : bind (SAT Patch Number 1617)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_BIND-100121.NASL
    description bind when configured for DNSSEC could incorrectly cache NXDOMAIN responses (CVE-2010-0097). Moreover, the fix for CVE-2009-4022 was incomplete. Despite the previous fix CNAME and DNAME responses could be incorrectly cached (CVE-2010-0290).
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 44309
    published 2010-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44309
    title openSUSE Security Update : bind (bind-1845)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL10898.NASL
    description Unspecified vulnerability in ISC BIND 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, 9.7 beta before 9.7.0b3, and 9.0.x through 9.3.x with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks via additional sections in a response sent for resolution of a recursive client query, which is not properly handled when the response is processed 'at the same time as requesting DNSSEC records (DO).'
    last seen 2019-02-21
    modified 2019-01-04
    plugin id 78124
    published 2014-10-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78124
    title F5 Networks BIG-IP : DNSSEC BIND vulnerability (SOL10898)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-12233.NASL
    description Update to 9.6.1-P2 release which contains following fix: * Additional section of response could be cached without successful DNSSEC validation even if DNSSEC validation is enabled Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 42911
    published 2009-11-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42911
    title Fedora 12 : bind-9.6.1-13.P2.fc12 (2009-12233)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-865-1.NASL
    description Michael Sinatra discovered that Bind did not correctly validate certain records added to its cache. When DNSSEC validation is in use, a remote attacker could exploit this to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 43058
    published 2009-12-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43058
    title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : bind9 vulnerability (USN-865-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_BIND-100121.NASL
    description When bind is configured for DNSSEC it could incorrectly cache NXDOMAIN responses (CVE-2010-0097). Moreover, the fix for CVE-2009-4022 was incomplete. Despite the previous fix CNAME and DNAME responses could be incorrectly cached (CVE-2010-0290). All these bugs have been fixed.
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 44311
    published 2010-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44311
    title SuSE 11 Security Update : bind (SAT Patch Number 1844)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_BIND-100121.NASL
    description bind when configured for DNSSEC could incorrectly cache NXDOMAIN responses (CVE-2010-0097). Moreover, the fix for CVE-2009-4022 was incomplete. Despite the previous fix CNAME and DNAME responses could be incorrectly cached (CVE-2010-0290).
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 44307
    published 2010-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44307
    title openSUSE Security Update : bind (bind-1845)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-1620.NASL
    description Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Michael Sinatra discovered that BIND was incorrectly caching responses without performing proper DNSSEC validation, when those responses were received during the resolution of a recursive client query that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries. (CVE-2009-4022) All BIND users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 43809
    published 2010-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43809
    title CentOS 5 : bind (CESA-2009:1620)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2011-006.NASL
    description The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2011-006 applied. This update contains numerous security-related fixes for the following components : - Apache - Application Firewall - ATS - BIND - Certificate Trust Policy - CFNetwork - CoreFoundation - CoreMedia - File Systems - IOGraphics - iChat Server - Mailman - MediaKit - PHP - postfix - python - QuickTime - Tomcat - User Documentation - Web Server - X11
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 56481
    published 2011-10-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56481
    title Mac OS X Multiple Vulnerabilities (Security Update 2011-006)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100120_BIND_ON_SL5_X.NASL
    description CVE-2010-0097 BIND DNSSEC NSEC/NSEC3 validation code could cause bogus NXDOMAIN responses CVE-2010-0290 BIND upstream fix for CVE-2009-4022 is incomplete A flaw was found in the BIND DNSSEC NSEC/NSEC3 validation code. If BIND was running as a DNSSEC-validating resolver, it could incorrectly cache NXDOMAIN responses, as if they were valid, for records proven by NSEC or NSEC3 to exist. A remote attacker could use this flaw to cause a BIND server to return the bogus, cached NXDOMAIN responses for valid records and prevent users from retrieving those records (denial of service). (CVE-2010-0097) The original fix for CVE-2009-4022 was found to be incomplete. BIND was incorrectly caching certain responses without performing proper DNSSEC validation. CNAME and DNAME records could be cached, without proper DNSSEC validation, when received from processing recursive client queries that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries. (CVE-2010-0290) After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60726
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60726
    title Scientific Linux Security Update : bind on SL5.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_BIND-100121.NASL
    description bind when configured for DNSSEC could incorrectly cache NXDOMAIN responses (CVE-2010-0097). Moreover, the fix for CVE-2009-4022 was incomplete. Despite the previous fix CNAME and DNAME responses could be incorrectly cached (CVE-2010-0290). bind was updated to version 9.4.3-P5 in order to fix those issues.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 44305
    published 2010-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44305
    title openSUSE Security Update : bind (bind-1843)
oval via4
  • accepted 2013-04-29T04:09:04.652-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
    family unix
    id oval:org.mitre.oval:def:10821
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
    version 18
  • accepted 2011-01-10T04:00:06.579-05:00
    class vulnerability
    contributors
    name Varun Narula
    organization Hewlett-Packard
    definition_extensions
    • comment IBM AIX 6100-02 is installed
      oval oval:org.mitre.oval:def:5685
    • comment IBM AIX 6100-03 is installed
      oval oval:org.mitre.oval:def:6736
    • comment IBM AIX 6100-04 is installed
      oval oval:org.mitre.oval:def:7373
    description Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
    family unix
    id oval:org.mitre.oval:def:11745
    status accepted
    submitted 2010-11-25T10:44:46.000-05:00
    title Vulnerability with DNSSEC validation enabled in BIND.
    version 43
  • accepted 2014-03-24T04:01:54.737-04:00
    class vulnerability
    contributors
    • name Chandan M C
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    description Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
    family unix
    id oval:org.mitre.oval:def:7261
    status accepted
    submitted 2010-10-25T11:04:56.000-05:00
    title HP-UX Running BIND, Remote Denial of Service (DoS), Unauthorized Disclosure of Information
    version 37
  • accepted 2010-06-14T04:00:54.759-04:00
    class vulnerability
    contributors
    name Pai Peng
    organization Hewlett-Packard
    definition_extensions
    • comment Solaris 9 (SPARC) is installed
      oval oval:org.mitre.oval:def:1457
    • comment Solaris 10 (SPARC) is installed
      oval oval:org.mitre.oval:def:1440
    • comment Solaris 9 (x86) is installed
      oval oval:org.mitre.oval:def:1683
    • comment Solaris 10 (x86) is installed
      oval oval:org.mitre.oval:def:1926
    description Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
    family unix
    id oval:org.mitre.oval:def:7459
    status accepted
    submitted 2010-05-03T13:51:32.000-04:00
    title Security Vulnerability in BIND DNS Software Shipped With Solaris May Allow DNS Cache Poisoning
    version 32
redhat via4
advisories
bugzilla
id 538744
title CVE-2009-4022 bind: cache poisoning using not validated DNSSEC responses
oval
AND
  • comment Red Hat Enterprise Linux 5 is installed
    oval oval:com.redhat.rhba:tst:20070331001
  • OR
    • AND
      • comment bind is earlier than 30:9.3.6-4.P1.el5_4.1
        oval oval:com.redhat.rhsa:tst:20091620002
      • comment bind is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20070057003
    • AND
      • comment bind-chroot is earlier than 30:9.3.6-4.P1.el5_4.1
        oval oval:com.redhat.rhsa:tst:20091620008
      • comment bind-chroot is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20070057005
    • AND
      • comment bind-devel is earlier than 30:9.3.6-4.P1.el5_4.1
        oval oval:com.redhat.rhsa:tst:20091620012
      • comment bind-devel is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20070057007
    • AND
      • comment bind-libbind-devel is earlier than 30:9.3.6-4.P1.el5_4.1
        oval oval:com.redhat.rhsa:tst:20091620016
      • comment bind-libbind-devel is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20070057015
    • AND
      • comment bind-libs is earlier than 30:9.3.6-4.P1.el5_4.1
        oval oval:com.redhat.rhsa:tst:20091620006
      • comment bind-libs is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20070057017
    • AND
      • comment bind-sdb is earlier than 30:9.3.6-4.P1.el5_4.1
        oval oval:com.redhat.rhsa:tst:20091620010
      • comment bind-sdb is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20070057009
    • AND
      • comment bind-utils is earlier than 30:9.3.6-4.P1.el5_4.1
        oval oval:com.redhat.rhsa:tst:20091620004
      • comment bind-utils is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20070057011
    • AND
      • comment caching-nameserver is earlier than 30:9.3.6-4.P1.el5_4.1
        oval oval:com.redhat.rhsa:tst:20091620014
      • comment caching-nameserver is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20070057013
rhsa
id RHSA-2009:1620
released 2009-11-30
severity Moderate
title RHSA-2009:1620: bind security update (Moderate)
rpms
  • bind-30:9.3.6-4.P1.el5_4.1
  • bind-chroot-30:9.3.6-4.P1.el5_4.1
  • bind-devel-30:9.3.6-4.P1.el5_4.1
  • bind-libbind-devel-30:9.3.6-4.P1.el5_4.1
  • bind-libs-30:9.3.6-4.P1.el5_4.1
  • bind-sdb-30:9.3.6-4.P1.el5_4.1
  • bind-utils-30:9.3.6-4.P1.el5_4.1
  • caching-nameserver-30:9.3.6-4.P1.el5_4.1
refmap via4
aixapar
  • IZ68597
  • IZ71667
  • IZ71774
apple APPLE-SA-2011-10-12-3
bid 37118
cert-vn VU#418861
confirm
fedora
  • FEDORA-2009-12218
  • FEDORA-2009-12233
mandriva MDVSA-2009:304
mlist
  • [oss-security] 20091124 CVE request: BIND 9 bug involving DNSSEC and the additional section
  • [oss-security] 20091124 Re: a new bind issue
  • [oss-security] 20091124 a new bind issue
  • [security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates
osvdb 60493
secunia
  • 37426
  • 37491
  • 38219
  • 38240
  • 38794
  • 38834
  • 39334
  • 40730
sunalert
  • 1021660
  • 1021798
ubuntu USN-888-1
vupen
  • ADV-2009-3335
  • ADV-2010-0176
  • ADV-2010-0528
  • ADV-2010-0622
xf bind-dnssec-cache-poisoning(54416)
Last major update 06-12-2016 - 21:59
Published 25-11-2009 - 11:30
Last modified 18-09-2017 - 21:29
Back to Top