Executive Summary

Informations
NameCVE-2010-0290First vendor Publication2010-01-22
VendorCveLast vendor Modification2017-09-18

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:N/I:P/A:P)
Cvss Base Score4Attack RangeNetwork
Cvss Impact Score4.9Attack ComplexityHigh
Cvss Expoit Score4.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0290

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:8884
 
Oval ID: oval:org.mitre.oval:def:8884
Title: Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022.
Description: Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0290
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7512
 
Oval ID: oval:org.mitre.oval:def:7512
Title: ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
Description: Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0290
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6815
 
Oval ID: oval:org.mitre.oval:def:6815
Title: HP-UX Running BIND, Remote Denial of Service (DoS), Unauthorized Disclosure of Information
Description: Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0290
Version: 6
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13497
 
Oval ID: oval:org.mitre.oval:def:13497
Title: USN-888-1 -- bind9 vulnerabilities
Description: It was discovered that Bind would incorrectly cache bogus NXDOMAIN responses. When DNSSEC validation is in use, a remote attacker could exploit this to cause a denial of service, and possibly poison DNS caches. USN-865-1 provided updated Bind packages to fix a security vulnerability. The upstream security patch to fix CVE-2009-4022 was incomplete and CVE-2010-0290 was assigned to the issue. This update corrects the problem. Original advisory details: Michael Sinatra discovered that Bind did not correctly validate certain records added to its cache. When DNSSEC validation is in use, a remote attacker could exploit this to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic.
Family: unix Class: patch
Reference(s): USN-888-1
CVE-2010-0097
CVE-2009-4022
CVE-2010-0290
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 8.10
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): bind9
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application168

OpenVAS Exploits

DateDescription
2012-04-16Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates
File : nvt/gb_VMSA-2010-0009.nasl
2011-08-09Name : CentOS Update for bind CESA-2010:0062 centos5 i386
File : nvt/gb_CESA-2010_0062_bind_centos5_i386.nasl
2011-03-09Name : Gentoo Security Advisory GLSA 201006-11 (BIND)
File : nvt/glsa_201006_11.nasl
2010-10-01Name : HP-UX Update for BIND HPSBUX02546
File : nvt/gb_hp_ux_HPSBUX02546.nasl
2010-07-06Name : Debian Security Advisory DSA 2054-2 (bind9)
File : nvt/deb_2054_2.nasl
2010-06-10Name : Debian Security Advisory DSA 2054-1 (bind9)
File : nvt/deb_2054_1.nasl
2010-01-29Name : SuSE Update for acroread SUSE-SA:2010:008
File : nvt/gb_suse_2010_008.nasl
2010-01-25Name : RedHat Update for bind RHSA-2010:0062-02
File : nvt/gb_RHSA-2010_0062-02_bind.nasl
2010-01-22Name : Mandriva Update for bind MDVSA-2010:021 (bind)
File : nvt/gb_mandriva_MDVSA_2010_021.nasl
2010-01-22Name : Ubuntu Update for bind9 vulnerabilities USN-888-1
File : nvt/gb_ubuntu_USN_888_1.nasl
2010-01-20Name : ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability
File : nvt/bind_37865.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
62007ISC BIND Recursive Client Query CNAME / DNAME Response DNS Cache Poisoning

Nessus® Vulnerability Scanner

DateDescription
2017-04-21Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2017-0066.nasl - Type : ACT_GATHER_INFO
2016-03-08Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_VMSA-2010-0009_remote.nasl - Type : ACT_GATHER_INFO
2014-10-28Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15748.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0062.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100120_bind_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2010-06-08Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2054.nasl - Type : ACT_GATHER_INFO
2010-06-07Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHNE_40339.nasl - Type : ACT_GATHER_INFO
2010-06-02Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201006-11.nasl - Type : ACT_GATHER_INFO
2010-06-01Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2010-0009.nasl - Type : ACT_GATHER_INFO
2010-01-26Name : The remote openSUSE host is missing a security update.
File : suse_11_1_bind-100121.nasl - Type : ACT_GATHER_INFO
2010-01-26Name : The remote openSUSE host is missing a security update.
File : suse_11_0_bind-100121.nasl - Type : ACT_GATHER_INFO
2010-01-26Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_bind-100121.nasl - Type : ACT_GATHER_INFO
2010-01-26Name : The remote openSUSE host is missing a security update.
File : suse_11_2_bind-100121.nasl - Type : ACT_GATHER_INFO
2010-01-21Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0062.nasl - Type : ACT_GATHER_INFO
2010-01-21Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-021.nasl - Type : ACT_GATHER_INFO
2010-01-21Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-888-1.nasl - Type : ACT_GATHER_INFO
2010-01-21Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0062.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018
https://bugzilla.redhat.com/show_bug.cgi?id=554851
https://bugzilla.redhat.com/show_bug.cgi?id=557121
https://www.isc.org/advisories/CVE-2009-4022v6
DEBIAN http://www.debian.org/security/2010/dsa-2054
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2010:021
MLIST http://marc.info/?l=oss-security&m=126393609503704&w=2
http://marc.info/?l=oss-security&m=126399602810086&w=2
REDHAT https://rhn.redhat.com/errata/RHSA-2010-0062.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
UBUNTU http://www.ubuntu.com/usn/USN-888-1
VUPEN http://www.vupen.com/english/advisories/2010/0176
http://www.vupen.com/english/advisories/2010/0622
http://www.vupen.com/english/advisories/2010/1352

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
DateInformations
2017-09-19 09:23:37
  • Multiple Updates
2017-04-22 13:25:52
  • Multiple Updates
2016-04-04 21:25:26
  • Multiple Updates
2016-03-09 13:25:54
  • Multiple Updates
2014-10-29 13:24:29
  • Multiple Updates
2014-02-17 10:53:33
  • Multiple Updates
2013-05-10 23:17:01
  • Multiple Updates