ID CVE-2009-4022
Summary Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
Vulnerable Configurations
  • cpe:2.3:a:isc:bind:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.0.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.0.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.0.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.0.0:rc4:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.0.0:rc5:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.0.0:rc6:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.0.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.0.1:rc2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.1.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.1.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.1.1:rc2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.1.1:rc3:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.1.1:rc4:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.1.1:rc5:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.1.1:rc6:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.1.1:rc7:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.1.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.1.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.1.3:rc2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.1.3:rc3:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.0:a1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.0:a2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.0:a3:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.0:b1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.0:b2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.0:rc10:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.0:rc4:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.0:rc5:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.0:rc6:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.0:rc7:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.0:rc8:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.0:rc9:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.1:rc2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.2:p2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.2:p3:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.3:rc2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.3:rc3:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.3:rc4:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.4:rc2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.4:rc3:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.4:rc4:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.4:rc5:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.4:rc6:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.4:rc7:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.4:rc8:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.5:b2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.5:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.6:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.7:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.7:rc2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.7:rc3:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.9:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.3.0:b2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.3.0:b3:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.3.0:b4:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.3.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.3.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.3.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.3.0:rc4:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.3.1:b2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.3.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.3.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.3.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.3.3:rc2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.3.3:rc3:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.3.5:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.3.5:rc2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.3.6:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.0:a1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.0:a2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.0:a3:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.0:a4:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.0:a5:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.0:a6:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.0:b1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.0:b2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.0:b3:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.0:b4:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.2:rc2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.3:b1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.3:b2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.3:b3:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.3:p1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.3:p2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.3:p3:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.5.0:a1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.5.0:a2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.5.0:a3:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.5.0:a4:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.5.0:a5:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.5.0:a6:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.5.0:a7:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.5.0:b1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.5.0:b2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.5.0:b3:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.5.0:p1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.5.0:p2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.5.0:p2_w1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.5.0:p2_w2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.5.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.5.1:b1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.5.1:b2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.5.1:b3:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.5.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.5.1:rc2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.5.2:b1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.5.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.6.0:a1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.6.0:b1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.6.0:p1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.6.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.6.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.6.1:b1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.6.1:p1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.6.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.7.0:a1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.7.0:a2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.7.0:a3:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.7.0:b1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.7.0:b2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.7.0:b3:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.7.0:p1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.7.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.7.0:rc2:*:*:*:*:*:*
CVSS
Base: 2.6 (as of 19-09-2017 - 01:29)
CWE NVD-CWE-noinfo
Access
  • Vector: NETWORK
  • Complexity: HIGH
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: PARTIAL
  • Availability: NONE
cvss-vector via4 AV:N/AC:H/Au:N/C:N/I:P/A:N
oval via4
  • accepted 2013-04-29T04:09:04.652-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
    family unix
    id oval:org.mitre.oval:def:10821
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
    version 18
  • accepted 2011-01-10T04:00:06.579-05:00
    class vulnerability
    contributors
    • name Varun Narula
      organization Hewlett-Packard
    definition_extensions
    • comment IBM AIX 6100-02 is installed
      oval oval:org.mitre.oval:def:5685
    • comment IBM AIX 6100-03 is installed
      oval oval:org.mitre.oval:def:6736
    • comment IBM AIX 6100-04 is installed
      oval oval:org.mitre.oval:def:7373
    description Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
    family unix
    id oval:org.mitre.oval:def:11745
    status accepted
    submitted 2010-11-25T10:44:46.000-05:00
    title Vulnerability with DNSSEC validation enabled in BIND.
    version 45
  • accepted 2014-03-24T04:01:54.737-04:00
    class vulnerability
    contributors
    • name Chandan M C
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    description Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
    family unix
    id oval:org.mitre.oval:def:7261
    status accepted
    submitted 2010-10-25T11:04:56.000-05:00
    title HP-UX Running BIND, Remote Denial of Service (DoS), Unauthorized Disclosure of Information
    version 41
  • accepted 2010-06-14T04:00:54.759-04:00
    class vulnerability
    contributors
    • name Pai Peng
      organization Hewlett-Packard
    definition_extensions
    • comment Solaris 9 (SPARC) is installed
      oval oval:org.mitre.oval:def:1457
    • comment Solaris 10 (SPARC) is installed
      oval oval:org.mitre.oval:def:1440
    • comment Solaris 9 (x86) is installed
      oval oval:org.mitre.oval:def:1683
    • comment Solaris 10 (x86) is installed
      oval oval:org.mitre.oval:def:1926
    description Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
    family unix
    id oval:org.mitre.oval:def:7459
    status accepted
    submitted 2010-05-03T13:51:32.000-04:00
    title Security Vulnerability in BIND DNS Software Shipped With Solaris May Allow DNS Cache Poisoning
    version 36
redhat via4
advisories
bugzilla
id 538744
title CVE-2009-4022 bind: cache poisoning using not validated DNSSEC responses
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • comment bind is earlier than 30:9.3.6-4.P1.el5_4.1
          oval oval:com.redhat.rhsa:tst:20091620001
        • comment bind is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070057002
      • AND
        • comment bind-chroot is earlier than 30:9.3.6-4.P1.el5_4.1
          oval oval:com.redhat.rhsa:tst:20091620003
        • comment bind-chroot is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070057004
      • AND
        • comment bind-devel is earlier than 30:9.3.6-4.P1.el5_4.1
          oval oval:com.redhat.rhsa:tst:20091620005
        • comment bind-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070057006
      • AND
        • comment bind-libbind-devel is earlier than 30:9.3.6-4.P1.el5_4.1
          oval oval:com.redhat.rhsa:tst:20091620007
        • comment bind-libbind-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070057008
      • AND
        • comment bind-libs is earlier than 30:9.3.6-4.P1.el5_4.1
          oval oval:com.redhat.rhsa:tst:20091620009
        • comment bind-libs is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070057010
      • AND
        • comment bind-sdb is earlier than 30:9.3.6-4.P1.el5_4.1
          oval oval:com.redhat.rhsa:tst:20091620011
        • comment bind-sdb is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070057012
      • AND
        • comment bind-utils is earlier than 30:9.3.6-4.P1.el5_4.1
          oval oval:com.redhat.rhsa:tst:20091620013
        • comment bind-utils is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070057014
      • AND
        • comment caching-nameserver is earlier than 30:9.3.6-4.P1.el5_4.1
          oval oval:com.redhat.rhsa:tst:20091620015
        • comment caching-nameserver is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070057016
rhsa
id RHSA-2009:1620
released 2009-11-30
severity Moderate
title RHSA-2009:1620: bind security update (Moderate)
rpms
  • bind-30:9.3.6-4.P1.el5_4.1
  • bind-chroot-30:9.3.6-4.P1.el5_4.1
  • bind-debuginfo-30:9.3.6-4.P1.el5_4.1
  • bind-devel-30:9.3.6-4.P1.el5_4.1
  • bind-libbind-devel-30:9.3.6-4.P1.el5_4.1
  • bind-libs-30:9.3.6-4.P1.el5_4.1
  • bind-sdb-30:9.3.6-4.P1.el5_4.1
  • bind-utils-30:9.3.6-4.P1.el5_4.1
  • caching-nameserver-30:9.3.6-4.P1.el5_4.1
refmap via4
aixapar
  • IZ68597
  • IZ71667
  • IZ71774
apple APPLE-SA-2011-10-12-3
bid 37118
cert-vn VU#418861
fedora
  • FEDORA-2009-12218
  • FEDORA-2009-12233
mandriva MDVSA-2009:304
mlist
  • [oss-security] 20091124 CVE request: BIND 9 bug involving DNSSEC and the additional section
  • [oss-security] 20091124 Re: a new bind issue
  • [oss-security] 20091124 a new bind issue
  • [security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates
osvdb 60493
secunia
  • 37426
  • 37491
  • 38219
  • 38240
  • 38794
  • 38834
  • 39334
  • 40730
sunalert
  • 1021660
  • 1021798
ubuntu USN-888-1
vupen
  • ADV-2009-3335
  • ADV-2010-0176
  • ADV-2010-0528
  • ADV-2010-0622
xf bind-dnssec-cache-poisoning(54416)
Last major update 19-09-2017 - 01:29
Published 25-11-2009 - 16:30
Last modified 19-09-2017 - 01:29