CVE - CVE-2010-0097

CVE-ID
CVE-2010-0097	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=554851 CONFIRM:https://www.isc.org/advisories/CVE-2010-0097 CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018 CONFIRM:ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt CONFIRM:http://support.apple.com/kb/HT5002 CONFIRM:https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488 APPLE:APPLE-SA-2011-10-12-3 URL:http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html DEBIAN:DSA-2054 URL:http://www.debian.org/security/2010/dsa-2054 FEDORA:FEDORA-2010-0861 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034196.html FEDORA:FEDORA-2010-0868 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034202.html HP:HPSBUX02519 URL:http://marc.info/?l=bugtraq&m=127195582210247&w=2 HP:SSRT100004 URL:http://marc.info/?l=bugtraq&m=127195582210247&w=2 MANDRIVA:MDVSA-2010:021 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:021 REDHAT:RHSA-2010:0062 URL:https://rhn.redhat.com/errata/RHSA-2010-0062.html REDHAT:RHSA-2010:0095 URL:https://rhn.redhat.com/errata/RHSA-2010-0095.html SUNALERT:1021798 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1 SUSE:SUSE-SA:2010:008 URL:http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html UBUNTU:USN-888-1 URL:http://www.ubuntu.com/usn/USN-888-1 CERT-VN:VU#360341 URL:http://www.kb.cert.org/vuls/id/360341 BID:37865 URL:http://www.securityfocus.com/bid/37865 OSVDB:61853 URL:http://www.osvdb.org/61853 OVAL:oval:org.mitre.oval:def:7212 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7212 OVAL:oval:org.mitre.oval:def:7430 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7430 OVAL:oval:org.mitre.oval:def:9357 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9357 OVAL:oval:org.mitre.oval:def:12205 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12205 SECTRACK:1023474 URL:http://securitytracker.com/id?1023474 SECUNIA:38169 URL:http://secunia.com/advisories/38169 SECUNIA:38219 URL:http://secunia.com/advisories/38219 SECUNIA:38240 URL:http://secunia.com/advisories/38240 SECUNIA:39334 URL:http://secunia.com/advisories/39334 SECUNIA:39582 URL:http://secunia.com/advisories/39582 SECUNIA:40086 URL:http://secunia.com/advisories/40086 VUPEN:ADV-2010-0176 URL:http://www.vupen.com/english/advisories/2010/0176 VUPEN:ADV-2010-0622 URL:http://www.vupen.com/english/advisories/2010/0622 VUPEN:ADV-2010-0981 URL:http://www.vupen.com/english/advisories/2010/0981 VUPEN:ADV-2010-1352 URL:http://www.vupen.com/english/advisories/2010/1352 XF:bind-dnssecnsec-cache-poisoning(55753) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/55753
Assigning CNA
N/A
Date Entry Created
20091230	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20091230)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures (CVE®) List and the associated references from this website are subject to the terms of use. CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. For more information, please contact us.