CVE-2009-4022: Bind vulnerability

14 documents, 9 sources
Severity
2.6 LOW (NVD)
EPSS
20.0%
top 4.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Nov 25
Latest update: May 3

Description

Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO

CVSS vector

AV:N/AC:H/C:N/I:P/A:N | Exploitability: 4.9 | Impact: 2.9

Affected Packages (2 packages)

Debian: isc/bind9 < 1:9.6.1.dfsg.P2-1+3
NVD: isc/bind 37 versions +36

Patches

🔴Vulnerability Details

3
GHSA
GHSA-2jw5-w5pg-58h8: Unspecified vulnerability in ISC BIND 9 (2022-05-03)
CVEList
CVE-2009-4022: Unspecified vulnerability in ISC BIND 9 (2009-11-25)
OSV
CVE-2009-4022: Unspecified vulnerability in ISC BIND 9 (2009-11-25)

📋Vendor Advisories

7
Ubuntu
Bind vulnerabilities (2010-01-20)
Red Hat
BIND upstream fix for CVE-2009-4022 is incomplete (2010-01-19)
Red Hat
bind: out-of-bailiwick data vulnerability due to regression while fixing CVE-2009-4022 (2010-01-19)
BSD
FreeBSD-SA-10:01.bind: BIND named(8) cache poisoning with DNSSEC validation (2010-01-06)
Ubuntu
Bind vulnerability (2009-12-07)

💬Community

3
Bugzilla
CVE-2010-0382 bind: out-of-bailiwick data vulnerability due to regression while fixing CVE-2009-4022 (2010-01-22)
Bugzilla
CVE-2010-0290 BIND upstream fix for CVE-2009-4022 is incomplete (2010-01-20)
Bugzilla
CVE-2009-4022 bind: cache poisoning using not validated DNSSEC responses (2009-11-19)