CVE - CVE-2009-4022

CVE-ID
CVE-2009-4022	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MLIST:[oss-security] 20091124 CVE request: BIND 9 bug involving DNSSEC and the additional section URL:http://www.openwall.com/lists/oss-security/2009/11/24/2 MLIST:[oss-security] 20091124 Re: a new bind issue URL:http://www.openwall.com/lists/oss-security/2009/11/24/8 MLIST:[oss-security] 20091124 a new bind issue URL:http://www.openwall.com/lists/oss-security/2009/11/24/1 MLIST:[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates URL:http://lists.vmware.com/pipermail/security-announce/2010/000082.html CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=538744 CONFIRM:https://www.isc.org/advisories/CVE2009-4022 CONFIRM:https://www.isc.org/advisories/CVE-2009-4022v6 CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018 CONFIRM:https://issues.rpath.com/browse/RPL-3152 CONFIRM:ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt CONFIRM:http://aix.software.ibm.com/aix/efixes/security/bind9_advisory.asc CONFIRM:http://support.apple.com/kb/HT5002 CONFIRM:https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488 AIXAPAR:IZ68597 URL:http://www.ibm.com/support/docview.wss?uid=isg1IZ68597 AIXAPAR:IZ71667 URL:http://www.ibm.com/support/docview.wss?uid=isg1IZ71667 AIXAPAR:IZ71774 URL:http://www.ibm.com/support/docview.wss?uid=isg1IZ71774 APPLE:APPLE-SA-2011-10-12-3 URL:http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html FEDORA:FEDORA-2009-12218 URL:https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01172.html FEDORA:FEDORA-2009-12233 URL:https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01188.html MANDRIVA:MDVSA-2009:304 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:304 REDHAT:RHSA-2009:1620 URL:http://www.redhat.com/support/errata/RHSA-2009-1620.html SUNALERT:1021798 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1 SUNALERT:1021660 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021660.1-1 UBUNTU:USN-888-1 URL:http://www.ubuntu.com/usn/USN-888-1 CERT-VN:VU#418861 URL:http://www.kb.cert.org/vuls/id/418861 BID:37118 URL:http://www.securityfocus.com/bid/37118 OSVDB:60493 URL:http://osvdb.org/60493 OVAL:oval:org.mitre.oval:def:10821 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10821 OVAL:oval:org.mitre.oval:def:7459 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7459 OVAL:oval:org.mitre.oval:def:11745 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11745 OVAL:oval:org.mitre.oval:def:7261 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7261 SECUNIA:37491 URL:http://secunia.com/advisories/37491 SECUNIA:37426 URL:http://secunia.com/advisories/37426 SECUNIA:38219 URL:http://secunia.com/advisories/38219 SECUNIA:38240 URL:http://secunia.com/advisories/38240 SECUNIA:39334 URL:http://secunia.com/advisories/39334 SECUNIA:38794 URL:http://secunia.com/advisories/38794 SECUNIA:38834 URL:http://secunia.com/advisories/38834 SECUNIA:40730 URL:http://secunia.com/advisories/40730 VUPEN:ADV-2009-3335 URL:http://www.vupen.com/english/advisories/2009/3335 VUPEN:ADV-2010-0176 URL:http://www.vupen.com/english/advisories/2010/0176 VUPEN:ADV-2010-0622 URL:http://www.vupen.com/english/advisories/2010/0622 VUPEN:ADV-2010-0528 URL:http://www.vupen.com/english/advisories/2010/0528 XF:bind-dnssec-cache-poisoning(54416) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/54416
Assigning CNA
N/A
Date Entry Created
20091120	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20091120)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org