QwikSec

Security Database

CVE

CWE

Training

CVE-2009-4022

Published: Nov 25, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

oval:org.mitre.oval:def:7261

vdb-entry

signature

x_refsource_OVAL

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

http://aix.software.ibm.com/aix/efixes/security/bind9_advisory.asc

x_refsource_CONFIRM

oval:org.mitre.oval:def:10821

vdb-entry

signature

x_refsource_OVAL

vdb-entry

x_refsource_VUPEN

bind-dnssec-cache-poisoning(54416)

vdb-entry

x_refsource_XF

https://bugzilla.redhat.com/show_bug.cgi?id=538744

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

third-party-advisory

x_refsource_SECUNIA

[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates

mailing-list

x_refsource_MLIST

vdb-entry

x_refsource_OSVDB

https://www.isc.org/advisories/CVE-2009-4022v6

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

FEDORA-2009-12218

vendor-advisory

x_refsource_FEDORA

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_UBUNTU

oval:org.mitre.oval:def:7459

vdb-entry

signature

x_refsource_OVAL

[oss-security] 20091124 Re: a new bind issue

mailing-list

x_refsource_MLIST

third-party-advisory

x_refsource_CERT-VN

https://www.isc.org/advisories/CVE2009-4022

x_refsource_CONFIRM

vendor-advisory

x_refsource_AIXAPAR

vendor-advisory

x_refsource_SUNALERT

APPLE-SA-2011-10-12-3

vendor-advisory

x_refsource_APPLE

third-party-advisory

x_refsource_SECUNIA

[oss-security] 20091124 CVE request: BIND 9 bug involving DNSSEC and the additional section

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_MANDRIVA

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_VUPEN

https://issues.rpath.com/browse/RPL-3152

x_refsource_CONFIRM

vendor-advisory

x_refsource_AIXAPAR

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

oval:org.mitre.oval:def:11745

vdb-entry

signature

x_refsource_OVAL

vendor-advisory

x_refsource_AIXAPAR

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488

x_refsource_CONFIRM

FEDORA-2009-12233

vendor-advisory

x_refsource_FEDORA

http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018

x_refsource_CONFIRM

http://support.apple.com/kb/HT5002

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

[oss-security] 20091124 a new bind issue

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_SUNALERT

vdb-entry

x_refsource_VUPEN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.