ByteOS Network

NVD Vulnerability Details :

CVE-2009-4022

Modified

Source-secalert@redhat.com

Published At-25 Nov, 2009 | 16:30

Updated At-19 Sep, 2017 | 01:29

Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	2.6	LOW	AV:N/AC:H/Au:N/C:N/I:P/A:N

Type: Primary

Version: 2.0

Base score: 2.6

Base severity: LOW

Vector:

AV:N/AC:H/Au:N/C:N/I:P/A:N

Hyperlink	Source	Resource
ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt	secalert@redhat.com	N/A
http://aix.software.ibm.com/aix/efixes/security/bind9_advisory.asc	secalert@redhat.com	N/A
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html	secalert@redhat.com	N/A
http://lists.vmware.com/pipermail/security-announce/2010/000082.html	secalert@redhat.com	N/A
http://osvdb.org/60493	secalert@redhat.com	N/A
http://secunia.com/advisories/37426	secalert@redhat.com	Vendor Advisory
http://secunia.com/advisories/37491	secalert@redhat.com	Vendor Advisory
http://secunia.com/advisories/38219	secalert@redhat.com	Vendor Advisory
http://secunia.com/advisories/38240	secalert@redhat.com	Vendor Advisory
http://secunia.com/advisories/38794	secalert@redhat.com	Vendor Advisory
http://secunia.com/advisories/38834	secalert@redhat.com	Vendor Advisory
http://secunia.com/advisories/39334	secalert@redhat.com	Vendor Advisory
http://secunia.com/advisories/40730	secalert@redhat.com	Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021660.1-1	secalert@redhat.com	N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1	secalert@redhat.com	N/A
http://support.apple.com/kb/HT5002	secalert@redhat.com	N/A
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018	secalert@redhat.com	N/A
http://www.ibm.com/support/docview.wss?uid=isg1IZ68597	secalert@redhat.com	N/A
http://www.ibm.com/support/docview.wss?uid=isg1IZ71667	secalert@redhat.com	N/A
http://www.ibm.com/support/docview.wss?uid=isg1IZ71774	secalert@redhat.com	N/A
http://www.kb.cert.org/vuls/id/418861	secalert@redhat.com	US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2009:304	secalert@redhat.com	N/A
http://www.openwall.com/lists/oss-security/2009/11/24/1	secalert@redhat.com	N/A
http://www.openwall.com/lists/oss-security/2009/11/24/2	secalert@redhat.com	N/A
http://www.openwall.com/lists/oss-security/2009/11/24/8	secalert@redhat.com	N/A
http://www.redhat.com/support/errata/RHSA-2009-1620.html	secalert@redhat.com	Vendor Advisory
http://www.securityfocus.com/bid/37118	secalert@redhat.com	N/A
http://www.ubuntu.com/usn/USN-888-1	secalert@redhat.com	N/A
http://www.vupen.com/english/advisories/2009/3335	secalert@redhat.com	Vendor Advisory
http://www.vupen.com/english/advisories/2010/0176	secalert@redhat.com	Vendor Advisory
http://www.vupen.com/english/advisories/2010/0528	secalert@redhat.com	Vendor Advisory
http://www.vupen.com/english/advisories/2010/0622	secalert@redhat.com	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=538744	secalert@redhat.com	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/54416	secalert@redhat.com	N/A
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488	secalert@redhat.com	N/A
https://issues.rpath.com/browse/RPL-3152	secalert@redhat.com	N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10821	secalert@redhat.com	N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11745	secalert@redhat.com	N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7261	secalert@redhat.com	N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7459	secalert@redhat.com	N/A
https://www.isc.org/advisories/CVE-2009-4022v6	secalert@redhat.com	Vendor Advisory
https://www.isc.org/advisories/CVE2009-4022	secalert@redhat.com	Vendor Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01172.html	secalert@redhat.com	N/A
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01188.html	secalert@redhat.com	N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History