Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2009-4022

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-25 Nov, 2009 | 16:00
Updated At-07 Aug, 2024 | 06:45
Rejected At-
Credits

Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:25 Nov, 2009 | 16:00
Updated At:07 Aug, 2024 | 06:45
Rejected At:
â–¼CVE Numbering Authority (CNA)

Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7261
vdb-entry
signature
x_refsource_OVAL
http://secunia.com/advisories/40730
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/37426
third-party-advisory
x_refsource_SECUNIA
http://aix.software.ibm.com/aix/efixes/security/bind9_advisory.asc
x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10821
vdb-entry
signature
x_refsource_OVAL
http://www.vupen.com/english/advisories/2010/0176
vdb-entry
x_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilities/54416
vdb-entry
x_refsource_XF
https://bugzilla.redhat.com/show_bug.cgi?id=538744
x_refsource_CONFIRM
http://www.securityfocus.com/bid/37118
vdb-entry
x_refsource_BID
http://secunia.com/advisories/38794
third-party-advisory
x_refsource_SECUNIA
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
mailing-list
x_refsource_MLIST
http://osvdb.org/60493
vdb-entry
x_refsource_OSVDB
https://www.isc.org/advisories/CVE-2009-4022v6
x_refsource_CONFIRM
http://secunia.com/advisories/38240
third-party-advisory
x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01172.html
vendor-advisory
x_refsource_FEDORA
http://secunia.com/advisories/37491
third-party-advisory
x_refsource_SECUNIA
http://www.ubuntu.com/usn/USN-888-1
vendor-advisory
x_refsource_UBUNTU
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7459
vdb-entry
signature
x_refsource_OVAL
http://www.openwall.com/lists/oss-security/2009/11/24/8
mailing-list
x_refsource_MLIST
http://www.kb.cert.org/vuls/id/418861
third-party-advisory
x_refsource_CERT-VN
https://www.isc.org/advisories/CVE2009-4022
x_refsource_CONFIRM
http://www.ibm.com/support/docview.wss?uid=isg1IZ71667
vendor-advisory
x_refsource_AIXAPAR
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1
vendor-advisory
x_refsource_SUNALERT
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
vendor-advisory
x_refsource_APPLE
http://secunia.com/advisories/39334
third-party-advisory
x_refsource_SECUNIA
http://www.openwall.com/lists/oss-security/2009/11/24/2
mailing-list
x_refsource_MLIST
http://www.mandriva.com/security/advisories?name=MDVSA-2009:304
vendor-advisory
x_refsource_MANDRIVA
http://www.vupen.com/english/advisories/2009/3335
vdb-entry
x_refsource_VUPEN
http://www.vupen.com/english/advisories/2010/0622
vdb-entry
x_refsource_VUPEN
https://issues.rpath.com/browse/RPL-3152
x_refsource_CONFIRM
http://www.ibm.com/support/docview.wss?uid=isg1IZ68597
vendor-advisory
x_refsource_AIXAPAR
http://secunia.com/advisories/38834
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/38219
third-party-advisory
x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11745
vdb-entry
signature
x_refsource_OVAL
http://www.ibm.com/support/docview.wss?uid=isg1IZ71774
vendor-advisory
x_refsource_AIXAPAR
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488
x_refsource_CONFIRM
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01188.html
vendor-advisory
x_refsource_FEDORA
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018
x_refsource_CONFIRM
http://support.apple.com/kb/HT5002
x_refsource_CONFIRM
ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt
x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2009-1620.html
vendor-advisory
x_refsource_REDHAT
http://www.openwall.com/lists/oss-security/2009/11/24/1
mailing-list
x_refsource_MLIST
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021660.1-1
vendor-advisory
x_refsource_SUNALERT
http://www.vupen.com/english/advisories/2010/0528
vdb-entry
x_refsource_VUPEN
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7261
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://secunia.com/advisories/40730
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/37426
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://aix.software.ibm.com/aix/efixes/security/bind9_advisory.asc
Resource:
x_refsource_CONFIRM
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10821
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.vupen.com/english/advisories/2010/0176
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/54416
Resource:
vdb-entry
x_refsource_XF
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=538744
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/37118
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://secunia.com/advisories/38794
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.vmware.com/pipermail/security-announce/2010/000082.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://osvdb.org/60493
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: https://www.isc.org/advisories/CVE-2009-4022v6
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/38240
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01172.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://secunia.com/advisories/37491
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.ubuntu.com/usn/USN-888-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7459
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.openwall.com/lists/oss-security/2009/11/24/8
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.kb.cert.org/vuls/id/418861
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: https://www.isc.org/advisories/CVE2009-4022
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.ibm.com/support/docview.wss?uid=isg1IZ71667
Resource:
vendor-advisory
x_refsource_AIXAPAR
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1
Resource:
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://secunia.com/advisories/39334
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.openwall.com/lists/oss-security/2009/11/24/2
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:304
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.vupen.com/english/advisories/2009/3335
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.vupen.com/english/advisories/2010/0622
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: https://issues.rpath.com/browse/RPL-3152
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.ibm.com/support/docview.wss?uid=isg1IZ68597
Resource:
vendor-advisory
x_refsource_AIXAPAR
Hyperlink: http://secunia.com/advisories/38834
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/38219
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11745
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.ibm.com/support/docview.wss?uid=isg1IZ71774
Resource:
vendor-advisory
x_refsource_AIXAPAR
Hyperlink: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01188.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018
Resource:
x_refsource_CONFIRM
Hyperlink: http://support.apple.com/kb/HT5002
Resource:
x_refsource_CONFIRM
Hyperlink: ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-1620.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.openwall.com/lists/oss-security/2009/11/24/1
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021660.1-1
Resource:
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://www.vupen.com/english/advisories/2010/0528
Resource:
vdb-entry
x_refsource_VUPEN
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7261
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://secunia.com/advisories/40730
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/37426
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://aix.software.ibm.com/aix/efixes/security/bind9_advisory.asc
x_refsource_CONFIRM
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10821
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.vupen.com/english/advisories/2010/0176
vdb-entry
x_refsource_VUPEN
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/54416
vdb-entry
x_refsource_XF
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=538744
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/37118
vdb-entry
x_refsource_BID
x_transferred
http://secunia.com/advisories/38794
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
mailing-list
x_refsource_MLIST
x_transferred
http://osvdb.org/60493
vdb-entry
x_refsource_OSVDB
x_transferred
https://www.isc.org/advisories/CVE-2009-4022v6
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/38240
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01172.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://secunia.com/advisories/37491
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.ubuntu.com/usn/USN-888-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7459
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.openwall.com/lists/oss-security/2009/11/24/8
mailing-list
x_refsource_MLIST
x_transferred
http://www.kb.cert.org/vuls/id/418861
third-party-advisory
x_refsource_CERT-VN
x_transferred
https://www.isc.org/advisories/CVE2009-4022
x_refsource_CONFIRM
x_transferred
http://www.ibm.com/support/docview.wss?uid=isg1IZ71667
vendor-advisory
x_refsource_AIXAPAR
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://secunia.com/advisories/39334
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.openwall.com/lists/oss-security/2009/11/24/2
mailing-list
x_refsource_MLIST
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2009:304
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://www.vupen.com/english/advisories/2009/3335
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.vupen.com/english/advisories/2010/0622
vdb-entry
x_refsource_VUPEN
x_transferred
https://issues.rpath.com/browse/RPL-3152
x_refsource_CONFIRM
x_transferred
http://www.ibm.com/support/docview.wss?uid=isg1IZ68597
vendor-advisory
x_refsource_AIXAPAR
x_transferred
http://secunia.com/advisories/38834
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/38219
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11745
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.ibm.com/support/docview.wss?uid=isg1IZ71774
vendor-advisory
x_refsource_AIXAPAR
x_transferred
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488
x_refsource_CONFIRM
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01188.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018
x_refsource_CONFIRM
x_transferred
http://support.apple.com/kb/HT5002
x_refsource_CONFIRM
x_transferred
ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt
x_refsource_CONFIRM
x_transferred
http://www.redhat.com/support/errata/RHSA-2009-1620.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.openwall.com/lists/oss-security/2009/11/24/1
mailing-list
x_refsource_MLIST
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021660.1-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
http://www.vupen.com/english/advisories/2010/0528
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7261
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://secunia.com/advisories/40730
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/37426
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://aix.software.ibm.com/aix/efixes/security/bind9_advisory.asc
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10821
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/0176
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/54416
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=538744
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/37118
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://secunia.com/advisories/38794
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.vmware.com/pipermail/security-announce/2010/000082.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://osvdb.org/60493
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: https://www.isc.org/advisories/CVE-2009-4022v6
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/38240
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01172.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://secunia.com/advisories/37491
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-888-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7459
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2009/11/24/8
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/418861
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: https://www.isc.org/advisories/CVE2009-4022
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.ibm.com/support/docview.wss?uid=isg1IZ71667
Resource:
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://secunia.com/advisories/39334
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2009/11/24/2
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:304
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/3335
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/0622
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: https://issues.rpath.com/browse/RPL-3152
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.ibm.com/support/docview.wss?uid=isg1IZ68597
Resource:
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Hyperlink: http://secunia.com/advisories/38834
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/38219
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11745
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.ibm.com/support/docview.wss?uid=isg1IZ71774
Resource:
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Hyperlink: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01188.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://support.apple.com/kb/HT5002
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-1620.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2009/11/24/1
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021660.1-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/0528
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:25 Nov, 2009 | 16:30
Updated At:19 Sep, 2017 | 01:29

Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.02.6LOW
AV:N/AC:H/Au:N/C:N/I:P/A:N
Type: Primary
Version: 2.0
Base score: 2.6
Base severity: LOW
Vector:
AV:N/AC:H/Au:N/C:N/I:P/A:N
CPE Matches
Internet Systems Consortium, Inc.
isc
>>bind>>9.0
cpe:2.3:a:isc:bind:9.0:*:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.0.0
cpe:2.3:a:isc:bind:9.0.0:rc1:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.0.0
cpe:2.3:a:isc:bind:9.0.0:rc2:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.0.0
cpe:2.3:a:isc:bind:9.0.0:rc3:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.0.0
cpe:2.3:a:isc:bind:9.0.0:rc4:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.0.0
cpe:2.3:a:isc:bind:9.0.0:rc5:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.0.0
cpe:2.3:a:isc:bind:9.0.0:rc6:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.0.1
cpe:2.3:a:isc:bind:9.0.1:*:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.0.1
cpe:2.3:a:isc:bind:9.0.1:rc1:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.0.1
cpe:2.3:a:isc:bind:9.0.1:rc2:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.1
cpe:2.3:a:isc:bind:9.1:*:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.1.0
cpe:2.3:a:isc:bind:9.1.0:rc1:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.1.1
cpe:2.3:a:isc:bind:9.1.1:*:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.1.1
cpe:2.3:a:isc:bind:9.1.1:rc1:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.1.1
cpe:2.3:a:isc:bind:9.1.1:rc2:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.1.1
cpe:2.3:a:isc:bind:9.1.1:rc3:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.1.1
cpe:2.3:a:isc:bind:9.1.1:rc4:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.1.1
cpe:2.3:a:isc:bind:9.1.1:rc5:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.1.1
cpe:2.3:a:isc:bind:9.1.1:rc6:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.1.1
cpe:2.3:a:isc:bind:9.1.1:rc7:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.1.2
cpe:2.3:a:isc:bind:9.1.2:*:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.1.2
cpe:2.3:a:isc:bind:9.1.2:rc1:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.1.3
cpe:2.3:a:isc:bind:9.1.3:*:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.1.3
cpe:2.3:a:isc:bind:9.1.3:rc1:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.1.3
cpe:2.3:a:isc:bind:9.1.3:rc2:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.1.3
cpe:2.3:a:isc:bind:9.1.3:rc3:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.2
cpe:2.3:a:isc:bind:9.2:*:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.2.0
cpe:2.3:a:isc:bind:9.2.0:*:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.2.0
cpe:2.3:a:isc:bind:9.2.0:a1:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.2.0
cpe:2.3:a:isc:bind:9.2.0:a2:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.2.0
cpe:2.3:a:isc:bind:9.2.0:a3:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.2.0
cpe:2.3:a:isc:bind:9.2.0:b1:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.2.0
cpe:2.3:a:isc:bind:9.2.0:b2:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.2.0
cpe:2.3:a:isc:bind:9.2.0:rc1:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.2.0
cpe:2.3:a:isc:bind:9.2.0:rc10:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.2.0
cpe:2.3:a:isc:bind:9.2.0:rc2:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.2.0
cpe:2.3:a:isc:bind:9.2.0:rc3:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.2.0
cpe:2.3:a:isc:bind:9.2.0:rc4:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.2.0
cpe:2.3:a:isc:bind:9.2.0:rc5:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.2.0
cpe:2.3:a:isc:bind:9.2.0:rc6:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.2.0
cpe:2.3:a:isc:bind:9.2.0:rc7:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.2.0
cpe:2.3:a:isc:bind:9.2.0:rc8:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.2.0
cpe:2.3:a:isc:bind:9.2.0:rc9:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.2.1
cpe:2.3:a:isc:bind:9.2.1:*:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.2.1
cpe:2.3:a:isc:bind:9.2.1:rc1:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.2.1
cpe:2.3:a:isc:bind:9.2.1:rc2:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.2.2
cpe:2.3:a:isc:bind:9.2.2:*:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.2.2
cpe:2.3:a:isc:bind:9.2.2:p2:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.2.2
cpe:2.3:a:isc:bind:9.2.2:p3:*:*:*:*:*:*
Internet Systems Consortium, Inc.
isc
>>bind>>9.2.2
cpe:2.3:a:isc:bind:9.2.2:rc1:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txtsecalert@redhat.com
N/A
http://aix.software.ibm.com/aix/efixes/security/bind9_advisory.ascsecalert@redhat.com
N/A
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.htmlsecalert@redhat.com
N/A
http://lists.vmware.com/pipermail/security-announce/2010/000082.htmlsecalert@redhat.com
N/A
http://osvdb.org/60493secalert@redhat.com
N/A
http://secunia.com/advisories/37426secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/37491secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/38219secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/38240secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/38794secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/38834secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/39334secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/40730secalert@redhat.com
Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021660.1-1secalert@redhat.com
N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1secalert@redhat.com
N/A
http://support.apple.com/kb/HT5002secalert@redhat.com
N/A
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018secalert@redhat.com
N/A
http://www.ibm.com/support/docview.wss?uid=isg1IZ68597secalert@redhat.com
N/A
http://www.ibm.com/support/docview.wss?uid=isg1IZ71667secalert@redhat.com
N/A
http://www.ibm.com/support/docview.wss?uid=isg1IZ71774secalert@redhat.com
N/A
http://www.kb.cert.org/vuls/id/418861secalert@redhat.com
US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2009:304secalert@redhat.com
N/A
http://www.openwall.com/lists/oss-security/2009/11/24/1secalert@redhat.com
N/A
http://www.openwall.com/lists/oss-security/2009/11/24/2secalert@redhat.com
N/A
http://www.openwall.com/lists/oss-security/2009/11/24/8secalert@redhat.com
N/A
http://www.redhat.com/support/errata/RHSA-2009-1620.htmlsecalert@redhat.com
Vendor Advisory
http://www.securityfocus.com/bid/37118secalert@redhat.com
N/A
http://www.ubuntu.com/usn/USN-888-1secalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2009/3335secalert@redhat.com
Vendor Advisory
http://www.vupen.com/english/advisories/2010/0176secalert@redhat.com
Vendor Advisory
http://www.vupen.com/english/advisories/2010/0528secalert@redhat.com
Vendor Advisory
http://www.vupen.com/english/advisories/2010/0622secalert@redhat.com
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=538744secalert@redhat.com
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/54416secalert@redhat.com
N/A
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488secalert@redhat.com
N/A
https://issues.rpath.com/browse/RPL-3152secalert@redhat.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10821secalert@redhat.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11745secalert@redhat.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7261secalert@redhat.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7459secalert@redhat.com
N/A
https://www.isc.org/advisories/CVE-2009-4022v6secalert@redhat.com
Vendor Advisory
https://www.isc.org/advisories/CVE2009-4022secalert@redhat.com
Vendor Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01172.htmlsecalert@redhat.com
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01188.htmlsecalert@redhat.com
N/A
Hyperlink: ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://aix.software.ibm.com/aix/efixes/security/bind9_advisory.asc
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.vmware.com/pipermail/security-announce/2010/000082.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://osvdb.org/60493
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/37426
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/37491
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/38219
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/38240
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/38794
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/38834
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/39334
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/40730
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021660.1-1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT5002
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.ibm.com/support/docview.wss?uid=isg1IZ68597
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.ibm.com/support/docview.wss?uid=isg1IZ71667
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.ibm.com/support/docview.wss?uid=isg1IZ71774
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/418861
Source: secalert@redhat.com
Resource:
US Government Resource
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:304
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2009/11/24/1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2009/11/24/2
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2009/11/24/8
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-1620.html
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/37118
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-888-1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/3335
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2010/0176
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2010/0528
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2010/0622
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=538744
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/54416
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://issues.rpath.com/browse/RPL-3152
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10821
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11745
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7261
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7459
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://www.isc.org/advisories/CVE-2009-4022v6
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: https://www.isc.org/advisories/CVE2009-4022
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01172.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01188.html
Source: secalert@redhat.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1Records found
CVE-2013-5661
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-1.07% / 77.39%
||
7 Day CHG~0.00%
Published-05 Nov, 2019 | 18:14
Updated-06 Aug, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cache Poisoning issue exists in DNS Response Rate Limiting.

Action-Not Available
Vendor-nlnetlabsnicn/aRed Hat, Inc.Internet Systems Consortium, Inc.
Product-nsdknot_resolverbindenterprise_linuxn/a
CWE ID-CWE-290
Authentication Bypass by Spoofing
Details not found