CVE-2010-0290 — Bind vulnerability

8 documents8 sources

Severity

4.0MEDIUMNVD

CNA2.6OSV2.6

EPSS

4.9%

top 10.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Bind9 ISC Bind

Timeline

PublishedJan 22

Latest updateMay 2

Description

Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix…

CVSS vector

AV:N/AC:H/C:N/I:P/A:PExploitability: 4.9 | Impact: 4.9

Affected Packages2 packages

▶Debianisc/bind9< 1:9.7.0.dfsg-1+3

▶NVDisc/bind39 versions+38

🔴Vulnerability Details

GHSA

GHSA-h2vx-r9q8-wjqr: Unspecified vulnerability in ISC BIND 9↗2022-05-02

▶

CVEList

CVE-2010-0290: Unspecified vulnerability in ISC BIND 9↗2010-01-22

▶

OSV

CVE-2010-0290: Unspecified vulnerability in ISC BIND 9↗2010-01-22

▶

📋Vendor Advisories

Ubuntu

Bind vulnerabilities↗2010-01-20

▶

Red Hat

BIND upstream fix for CVE-2009-4022 is incomplete↗2010-01-19

▶

Debian

CVE-2010-0290: bind9 - Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, ...↗2010

▶

💬Community

Bugzilla

CVE-2010-0290 BIND upstream fix for CVE-2009-4022 is incomplete↗2010-01-20

▶