Executive Summary

Informations
NameCVE-2009-4022First vendor Publication2009-11-25
VendorCveLast vendor Modification2011-10-27

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Cvss Base Score2.6Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityHigh
Cvss Expoit Score4.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:7459
 
Oval ID: oval:org.mitre.oval:def:7459
Title: Security Vulnerability in BIND DNS Software Shipped With Solaris May Allow DNS Cache Poisoning
Description: Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4022
Version: 3
Platform(s): Sun Solaris 9
Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7332
 
Oval ID: oval:org.mitre.oval:def:7332
Title: DSA-1961 bind9 -- DNS cache poisoning
Description: Michael Sinatra discovered that the DNS resolver component in BIND does not properly check DNS records contained in additional sections of DNS responses, leading to a cache poisoning vulnerability. This vulnerability is only present in resolvers which have been configured with DNSSEC trust anchors, which is still rare. Note that this update contains an internal ABI change, which means that all BIND-related packages must be updated at the same time. In the unlikely event that you have compiled your own software against libdns, you must recompile this programs, too.
Family: unix Class: patch
Reference(s): DSA-1961
CVE-2009-4022
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): bind9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7261
 
Oval ID: oval:org.mitre.oval:def:7261
Title: HP-UX Running BIND, Remote Denial of Service (DoS), Unauthorized Disclosure of Information
Description: Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4022
Version: 6
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13728
 
Oval ID: oval:org.mitre.oval:def:13728
Title: DSA-1961-1 bind9 -- DNS cache poisoning
Description: Michael Sinatra discovered that the DNS resolver component in BIND does not properly check DNS records contained in additional sections of DNS responses, leading to a cache poisoning vulnerability. This vulnerability is only present in resolvers which have been configured with DNSSEC trust anchors, which is still rare. Note that this update contains an internal ABI change, which means that all BIND-related packages must be updated at the same time. In the unlikely event that you have compiled your own software against libdns, you must recompile this program, too. For the old stable distribution, this problem has been fixed in version 9.3.4-2etch6. For the stable distribution, this problem has been fixed in version 9.5.1.dfsg.P3-1+lenny1. For the unstable distribution and the testing distribution, this problem has been fixed in version 9.6.1.dfsg.P2-1. We recommend that you upgrade your bind9 packages.
Family: unix Class: patch
Reference(s): DSA-1961-1
CVE-2009-4022
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): bind9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13277
 
Oval ID: oval:org.mitre.oval:def:13277
Title: USN-865-1 -- bind9 vulnerability
Description: Michael Sinatra discovered that Bind did not correctly validate certain records added to its cache. When DNSSEC validation is in use, a remote attacker could exploit this to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic.
Family: unix Class: patch
Reference(s): USN-865-1
CVE-2009-4022
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 8.10
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): bind9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11745
 
Oval ID: oval:org.mitre.oval:def:11745
Title: Vulnerability with DNSSEC validation enabled in BIND.
Description: Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4022
Version: 3
Platform(s): IBM AIX 6.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10821
 
Oval ID: oval:org.mitre.oval:def:10821
Title: Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
Description: Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4022
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22841
 
Oval ID: oval:org.mitre.oval:def:22841
Title: ELSA-2009:1620: bind security update (Moderate)
Description: Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
Family: unix Class: patch
Reference(s): ELSA-2009:1620-01
CVE-2009-4022
Version: 6
Platform(s): Oracle Linux 5
Product(s): bind
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application178

OpenVAS Exploits

DateDescription
2011-10-20Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)
File : nvt/gb_macosx_su11-006.nasl
2011-08-09Name : CentOS Update for bind CESA-2009:1620 centos5 i386
File : nvt/gb_CESA-2009_1620_bind_centos5_i386.nasl
2011-08-09Name : CentOS Update for bind CESA-2010:0062 centos5 i386
File : nvt/gb_CESA-2010_0062_bind_centos5_i386.nasl
2011-03-09Name : Gentoo Security Advisory GLSA 201006-11 (BIND)
File : nvt/glsa_201006_11.nasl
2010-10-01Name : HP-UX Update for BIND HPSBUX02546
File : nvt/gb_hp_ux_HPSBUX02546.nasl
2010-03-02Name : Fedora Update for bind FEDORA-2010-0861
File : nvt/gb_fedora_2010_0861_bind_fc11.nasl
2010-03-02Name : Fedora Update for bind FEDORA-2010-0868
File : nvt/gb_fedora_2010_0868_bind_fc12.nasl
2010-01-29Name : SuSE Update for acroread SUSE-SA:2010:008
File : nvt/gb_suse_2010_008.nasl
2010-01-25Name : RedHat Update for bind RHSA-2010:0062-02
File : nvt/gb_RHSA-2010_0062-02_bind.nasl
2010-01-22Name : Mandriva Update for bind MDVSA-2010:021 (bind)
File : nvt/gb_mandriva_MDVSA_2010_021.nasl
2010-01-22Name : Ubuntu Update for bind9 vulnerabilities USN-888-1
File : nvt/gb_ubuntu_USN_888_1.nasl
2010-01-11Name : FreeBSD Security Advisory (FreeBSD-SA-10:01.bind.asc)
File : nvt/freebsdsa_bind8.nasl
2009-12-30Name : Debian Security Advisory DSA 1961-1 (bind9)
File : nvt/deb_1961_1.nasl
2009-12-30Name : CentOS Security Advisory CESA-2009:1620 (bind)
File : nvt/ovcesa2009_1620.nasl
2009-12-10Name : Mandriva Security Advisory MDVSA-2009:313-1 (bind)
File : nvt/mdksa_2009_313_1.nasl
2009-12-10Name : SuSE Security Advisory SUSE-SA:2009:059 (bind)
File : nvt/suse_sa_2009_059.nasl
2009-12-10Name : Ubuntu USN-865-1 (bind9)
File : nvt/ubuntu_865_1.nasl
2009-12-03Name : SLES11: Security update for bind
File : nvt/sles11_bind0.nasl
2009-12-03Name : Fedora Core 11 FEDORA-2009-12218 (bind)
File : nvt/fcore_2009_12218.nasl
2009-12-03Name : Fedora Core 12 FEDORA-2009-12233 (bind)
File : nvt/fcore_2009_12233.nasl
2009-12-03Name : RedHat Security Advisory RHSA-2009:1620
File : nvt/RHSA_2009_1620.nasl
2009-11-25Name : ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vu...
File : nvt/bind_37118.nasl
0000-00-00Name : Slackware Advisory SSA:2009-336-01 bind
File : nvt/esoft_slk_ssa_2009_336_01.nasl
0000-00-00Name : Slackware Advisory SSA:2010-176-01 bind
File : nvt/esoft_slk_ssa_2010_176_01.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
60493ISC BIND DNSSEC Recursive Query Additional Section Cache Poisoning

Nessus® Vulnerability Scanner

DateDescription
2014-10-10Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL10898.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1620.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0062.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100120_bind_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091130_bind_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2011-10-13Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_SecUpd2011-006.nasl - Type : ACT_GATHER_INFO
2011-05-28Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2009-336-01.nasl - Type : ACT_GATHER_INFO
2011-05-28Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2010-176-01.nasl - Type : ACT_GATHER_INFO
2010-06-07Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHNE_40339.nasl - Type : ACT_GATHER_INFO
2010-06-02Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201006-11.nasl - Type : ACT_GATHER_INFO
2010-03-05Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2010-0004.nasl - Type : ACT_GATHER_INFO
2010-02-24Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1961.nasl - Type : ACT_GATHER_INFO
2010-01-26Name : The remote openSUSE host is missing a security update.
File : suse_11_1_bind-100121.nasl - Type : ACT_GATHER_INFO
2010-01-26Name : The remote openSUSE host is missing a security update.
File : suse_11_0_bind-100121.nasl - Type : ACT_GATHER_INFO
2010-01-26Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_bind-100121.nasl - Type : ACT_GATHER_INFO
2010-01-26Name : The remote openSUSE host is missing a security update.
File : suse_11_2_bind-100121.nasl - Type : ACT_GATHER_INFO
2010-01-21Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0062.nasl - Type : ACT_GATHER_INFO
2010-01-21Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-021.nasl - Type : ACT_GATHER_INFO
2010-01-21Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-888-1.nasl - Type : ACT_GATHER_INFO
2010-01-21Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0062.nasl - Type : ACT_GATHER_INFO
2010-01-06Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1620.nasl - Type : ACT_GATHER_INFO
2009-12-08Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-865-1.nasl - Type : ACT_GATHER_INFO
2009-12-04Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-313.nasl - Type : ACT_GATHER_INFO
2009-12-02Name : The remote name server is affected by a cache poisoning vulnerability.
File : bind9_dnssec_cache_poisoning.nasl - Type : ACT_GATHER_INFO
2009-12-01Name : The remote openSUSE host is missing a security update.
File : suse_11_1_bind-091127.nasl - Type : ACT_GATHER_INFO
2009-12-01Name : The remote openSUSE host is missing a security update.
File : suse_11_0_bind-091127.nasl - Type : ACT_GATHER_INFO
2009-12-01Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_bind-091127.nasl - Type : ACT_GATHER_INFO
2009-12-01Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1620.nasl - Type : ACT_GATHER_INFO
2009-12-01Name : The remote openSUSE host is missing a security update.
File : suse_11_2_bind-091127.nasl - Type : ACT_GATHER_INFO
2009-11-30Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-304.nasl - Type : ACT_GATHER_INFO
2009-11-30Name : The remote Fedora host is missing a security update.
File : fedora_2009-12218.nasl - Type : ACT_GATHER_INFO
2009-11-30Name : The remote Fedora host is missing a security update.
File : fedora_2009-12233.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
AIXAPARhttp://www.ibm.com/support/docview.wss?uid=isg1IZ68597
http://www.ibm.com/support/docview.wss?uid=isg1IZ71667
http://www.ibm.com/support/docview.wss?uid=isg1IZ71774
APPLEhttp://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
BIDhttp://www.securityfocus.com/bid/37118
CERT-VNhttp://www.kb.cert.org/vuls/id/418861
CONFIRMftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt
http://aix.software.ibm.com/aix/efixes/security/bind9_advisory.asc
http://support.apple.com/kb/HT5002
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018
https://bugzilla.redhat.com/show_bug.cgi?id=538744
https://issues.rpath.com/browse/RPL-3152
https://www.isc.org/advisories/CVE-2009-4022v6
https://www.isc.org/advisories/CVE2009-4022
FEDORAhttps://www.redhat.com/archives/fedora-package-announce/2009-November/msg0117...
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg0118...
MANDRIVAhttp://www.mandriva.com/security/advisories?name=MDVSA-2009:304
MLISThttp://lists.vmware.com/pipermail/security-announce/2010/000082.html
http://www.openwall.com/lists/oss-security/2009/11/24/1
http://www.openwall.com/lists/oss-security/2009/11/24/2
http://www.openwall.com/lists/oss-security/2009/11/24/8
OSVDBhttp://osvdb.org/60493
REDHAThttp://www.redhat.com/support/errata/RHSA-2009-1620.html
SECUNIAhttp://secunia.com/advisories/37426
http://secunia.com/advisories/37491
http://secunia.com/advisories/38219
http://secunia.com/advisories/38240
http://secunia.com/advisories/38794
http://secunia.com/advisories/38834
http://secunia.com/advisories/39334
http://secunia.com/advisories/40730
SUNALERThttp://sunsolve.sun.com/search/document.do?assetkey=1-77-1021660.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1
UBUNTUhttp://www.ubuntu.com/usn/USN-888-1
VUPENhttp://www.vupen.com/english/advisories/2009/3335
http://www.vupen.com/english/advisories/2010/0176
http://www.vupen.com/english/advisories/2010/0528
http://www.vupen.com/english/advisories/2010/0622
XFhttp://xforce.iss.net/xforce/xfdb/54416

Alert History

If you want to see full details history, please login or register.
0
1
2
DateInformations
2014-10-11 13:26:04
  • Multiple Updates
2014-02-17 10:52:25
  • Multiple Updates
2013-05-11 00:01:16
  • Multiple Updates