CVE-2009-4022 Information

Description

Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.

Reference

ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt
http://aix.software.ibm.com/aix/efixes/security/bind9_advisory.asc
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
http://osvdb.org/60493
http://secunia.com/advisories/37426
http://secunia.com/advisories/37491
http://secunia.com/advisories/38219
http://secunia.com/advisories/38240
http://secunia.com/advisories/38794
http://secunia.com/advisories/38834
http://secunia.com/advisories/39334
http://secunia.com/advisories/40730
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021660.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1
http://support.apple.com/kb/HT5002
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018
http://www.ibm.com/support/docview.wss?uid=isg1IZ68597
http://www.ibm.com/support/docview.wss?uid=isg1IZ71667
http://www.ibm.com/support/docview.wss?uid=isg1IZ71774
http://www.kb.cert.org/vuls/id/418861
http://www.mandriva.com/security/advisories?name=MDVSA-2009:304
http://www.openwall.com/lists/oss-security/2009/11/24/1
http://www.openwall.com/lists/oss-security/2009/11/24/2
http://www.openwall.com/lists/oss-security/2009/11/24/8
http://www.redhat.com/support/errata/RHSA-2009-1620.html
http://www.securityfocus.com/bid/37118
http://www.ubuntu.com/usn/USN-888-1
http://www.vupen.com/english/advisories/2009/3335
http://www.vupen.com/english/advisories/2010/0176
http://www.vupen.com/english/advisories/2010/0528
http://www.vupen.com/english/advisories/2010/0622
https://bugzilla.redhat.com/show_bug.cgi?id=538744
https://exchange.xforce.ibmcloud.com/vulnerabilities/54416
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488
https://issues.rpath.com/browse/RPL-3152
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10821
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11745
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A7261
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A7459
https://www.isc.org/advisories/CVE2009-4022
https://www.isc.org/advisories/CVE-2009-4022v6
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01172.html
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01188.html
