CVE - CVE-2009-4022

CVE-ID
CVE-2009-4022	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1021660 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021660.1-1~~ (Obsolete source) MISC:1021798 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1~~ (Obsolete source) MISC:37118 URL:http://www.securityfocus.com/bid/37118 MISC:37426 URL:http://secunia.com/advisories/37426 MISC:37491 URL:http://secunia.com/advisories/37491 MISC:38219 URL:http://secunia.com/advisories/38219 MISC:38240 URL:http://secunia.com/advisories/38240 MISC:38794 URL:http://secunia.com/advisories/38794 MISC:38834 URL:http://secunia.com/advisories/38834 MISC:39334 URL:http://secunia.com/advisories/39334 MISC:40730 URL:http://secunia.com/advisories/40730 MISC:60493 URL:~~http://osvdb.org/60493~~ (Obsolete source) MISC:ADV-2009-3335 URL:~~http://www.vupen.com/english/advisories/2009/3335~~ (Obsolete source) MISC:ADV-2010-0176 URL:~~http://www.vupen.com/english/advisories/2010/0176~~ (Obsolete source) MISC:ADV-2010-0528 URL:~~http://www.vupen.com/english/advisories/2010/0528~~ (Obsolete source) MISC:ADV-2010-0622 URL:~~http://www.vupen.com/english/advisories/2010/0622~~ (Obsolete source) MISC:APPLE-SA-2011-10-12-3 URL:http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html MISC:FEDORA-2009-12218 URL:https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01172.html MISC:FEDORA-2009-12233 URL:https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01188.html MISC:IZ68597 URL:http://www.ibm.com/support/docview.wss?uid=isg1IZ68597 MISC:IZ71667 URL:http://www.ibm.com/support/docview.wss?uid=isg1IZ71667 MISC:IZ71774 URL:http://www.ibm.com/support/docview.wss?uid=isg1IZ71774 MISC:MDVSA-2009:304 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2009:304~~ (Obsolete source) MISC:RHSA-2009:1620 URL:http://www.redhat.com/support/errata/RHSA-2009-1620.html MISC:USN-888-1 URL:http://www.ubuntu.com/usn/USN-888-1 MISC:VU#418861 URL:http://www.kb.cert.org/vuls/id/418861 MISC:[oss-security] 20091124 CVE request: BIND 9 bug involving DNSSEC and the additional section URL:http://www.openwall.com/lists/oss-security/2009/11/24/2 MISC:[oss-security] 20091124 Re: a new bind issue URL:http://www.openwall.com/lists/oss-security/2009/11/24/8 MISC:[oss-security] 20091124 a new bind issue URL:http://www.openwall.com/lists/oss-security/2009/11/24/1 MISC:[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates URL:http://lists.vmware.com/pipermail/security-announce/2010/000082.html MISC:bind-dnssec-cache-poisoning(54416) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/54416 MISC:ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt URL:ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt MISC:http://aix.software.ibm.com/aix/efixes/security/bind9_advisory.asc URL:http://aix.software.ibm.com/aix/efixes/security/bind9_advisory.asc MISC:http://support.apple.com/kb/HT5002 URL:http://support.apple.com/kb/HT5002 MISC:http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018 URL:http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=538744 URL:https://bugzilla.redhat.com/show_bug.cgi?id=538744 MISC:https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488 URL:https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488 MISC:https://issues.rpath.com/browse/RPL-3152 URL:https://issues.rpath.com/browse/RPL-3152 MISC:https://www.isc.org/advisories/CVE-2009-4022v6 URL:https://www.isc.org/advisories/CVE-2009-4022v6 MISC:https://www.isc.org/advisories/CVE2009-4022 URL:https://www.isc.org/advisories/CVE2009-4022 MISC:oval:org.mitre.oval:def:10821 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10821 MISC:oval:org.mitre.oval:def:11745 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11745 MISC:oval:org.mitre.oval:def:7261 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7261 MISC:oval:org.mitre.oval:def:7459 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7459
Assigning CNA
Red Hat, Inc.
Date Record Created
20091120	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20091120)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)