CVE - CVE-2010-0290

CVE-ID
CVE-2010-0290	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:38219 URL:http://secunia.com/advisories/38219 MISC:38240 URL:http://secunia.com/advisories/38240 MISC:40086 URL:http://secunia.com/advisories/40086 MISC:ADV-2010-0176 URL:~~http://www.vupen.com/english/advisories/2010/0176~~ (Obsolete source) MISC:ADV-2010-0622 URL:~~http://www.vupen.com/english/advisories/2010/0622~~ (Obsolete source) MISC:ADV-2010-1352 URL:~~http://www.vupen.com/english/advisories/2010/1352~~ (Obsolete source) MISC:DSA-2054 URL:http://www.debian.org/security/2010/dsa-2054 MISC:MDVSA-2010:021 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2010:021~~ (Obsolete source) MISC:RHSA-2010:0062 URL:https://rhn.redhat.com/errata/RHSA-2010-0062.html MISC:SUSE-SA:2010:008 URL:http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html MISC:USN-888-1 URL:http://www.ubuntu.com/usn/USN-888-1 MISC:[oss-security] 20100119 BIND CVE-2009-4022 fix incomplete URL:http://marc.info/?l=oss-security&m=126393609503704&w=2 MISC:[oss-security] 20100120 Re: BIND CVE-2009-4022 fix incomplete URL:http://marc.info/?l=oss-security&m=126399602810086&w=2 MISC:http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018 URL:http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=554851 URL:https://bugzilla.redhat.com/show_bug.cgi?id=554851 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=557121 URL:https://bugzilla.redhat.com/show_bug.cgi?id=557121 MISC:https://www.isc.org/advisories/CVE-2009-4022v6 URL:https://www.isc.org/advisories/CVE-2009-4022v6 MISC:oval:org.mitre.oval:def:6815 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6815 MISC:oval:org.mitre.oval:def:7512 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7512 MISC:oval:org.mitre.oval:def:8884 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8884
Assigning CNA
Red Hat, Inc.
Date Record Created
20100112	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20100112)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)