CVE - CVE-2010-0097

CVE-ID
CVE-2010-0097	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
APPLE:APPLE-SA-2011-10-12-3 URL:http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html BID:37865 URL:http://www.securityfocus.com/bid/37865 CERT-VN:VU#360341 URL:http://www.kb.cert.org/vuls/id/360341 CONFIRM:ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt CONFIRM:http://support.apple.com/kb/HT5002 CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=554851 CONFIRM:https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488 CONFIRM:https://www.isc.org/advisories/CVE-2010-0097 DEBIAN:DSA-2054 URL:http://www.debian.org/security/2010/dsa-2054 FEDORA:FEDORA-2010-0861 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034196.html FEDORA:FEDORA-2010-0868 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034202.html HP:HPSBUX02519 URL:http://marc.info/?l=bugtraq&m=127195582210247&w=2 HP:SSRT100004 URL:http://marc.info/?l=bugtraq&m=127195582210247&w=2 MANDRIVA:MDVSA-2010:021 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2010:021~~ (Obsolete source) OSVDB:61853 URL:~~http://www.osvdb.org/61853~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:12205 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12205 OVAL:oval:org.mitre.oval:def:7212 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7212 OVAL:oval:org.mitre.oval:def:7430 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7430 OVAL:oval:org.mitre.oval:def:9357 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9357 REDHAT:RHSA-2010:0062 URL:https://rhn.redhat.com/errata/RHSA-2010-0062.html REDHAT:RHSA-2010:0095 URL:https://rhn.redhat.com/errata/RHSA-2010-0095.html SECTRACK:1023474 URL:http://securitytracker.com/id?1023474 SECUNIA:38169 URL:http://secunia.com/advisories/38169 SECUNIA:38219 URL:http://secunia.com/advisories/38219 SECUNIA:38240 URL:http://secunia.com/advisories/38240 SECUNIA:39334 URL:http://secunia.com/advisories/39334 SECUNIA:39582 URL:http://secunia.com/advisories/39582 SECUNIA:40086 URL:http://secunia.com/advisories/40086 SUNALERT:1021798 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1~~ (Obsolete source) SUSE:SUSE-SA:2010:008 URL:http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html UBUNTU:USN-888-1 URL:http://www.ubuntu.com/usn/USN-888-1 VUPEN:ADV-2010-0176 URL:~~http://www.vupen.com/english/advisories/2010/0176~~ (Obsolete source) VUPEN:ADV-2010-0622 URL:~~http://www.vupen.com/english/advisories/2010/0622~~ (Obsolete source) VUPEN:ADV-2010-0981 URL:~~http://www.vupen.com/english/advisories/2010/0981~~ (Obsolete source) VUPEN:ADV-2010-1352 URL:~~http://www.vupen.com/english/advisories/2010/1352~~ (Obsolete source) XF:bind-dnssecnsec-cache-poisoning(55753) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/55753
Assigning CNA
CERT/CC
Date Record Created
20091230	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20091230)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)