CVE-2009-4022 - Vulnerability Details

Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:H/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Isc	Bind
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:a:isc:bind:9.0:::::::*
	cpe:2.3:a:isc:bind:9.0.0:rc1::::::
	cpe:2.3:a:isc:bind:9.0.0:rc2::::::
	cpe:2.3:a:isc:bind:9.0.0:rc3::::::
	cpe:2.3:a:isc:bind:9.0.0:rc4::::::
	cpe:2.3:a:isc:bind:9.0.0:rc5::::::
	cpe:2.3:a:isc:bind:9.0.0:rc6::::::
	cpe:2.3:a:isc:bind:9.0.1:::::::*
	cpe:2.3:a:isc:bind:9.0.1:rc1::::::
	cpe:2.3:a:isc:bind:9.0.1:rc2::::::
	cpe:2.3:a:isc:bind:9.1:::::::*
	cpe:2.3:a:isc:bind:9.1.0:rc1::::::
	cpe:2.3:a:isc:bind:9.1.1:::::::*
	cpe:2.3:a:isc:bind:9.1.1:rc1::::::
	cpe:2.3:a:isc:bind:9.1.1:rc2::::::
	cpe:2.3:a:isc:bind:9.1.1:rc3::::::
	cpe:2.3:a:isc:bind:9.1.1:rc4::::::
	cpe:2.3:a:isc:bind:9.1.1:rc5::::::
	cpe:2.3:a:isc:bind:9.1.1:rc6::::::
	cpe:2.3:a:isc:bind:9.1.1:rc7::::::
	cpe:2.3:a:isc:bind:9.1.2:::::::*
	cpe:2.3:a:isc:bind:9.1.2:rc1::::::
	cpe:2.3:a:isc:bind:9.1.3:::::::*
	cpe:2.3:a:isc:bind:9.1.3:rc1::::::
	cpe:2.3:a:isc:bind:9.1.3:rc2::::::
	cpe:2.3:a:isc:bind:9.1.3:rc3::::::
	cpe:2.3:a:isc:bind:9.2:::::::*
	cpe:2.3:a:isc:bind:9.2.0:::::::*
	cpe:2.3:a:isc:bind:9.2.0:a1::::::
	cpe:2.3:a:isc:bind:9.2.0:a2::::::
	cpe:2.3:a:isc:bind:9.2.0:a3::::::
	cpe:2.3:a:isc:bind:9.2.0:b1::::::
	cpe:2.3:a:isc:bind:9.2.0:b2::::::
	cpe:2.3:a:isc:bind:9.2.0:rc1::::::
	cpe:2.3:a:isc:bind:9.2.0:rc10::::::
	cpe:2.3:a:isc:bind:9.2.0:rc2::::::
	cpe:2.3:a:isc:bind:9.2.0:rc3::::::
	cpe:2.3:a:isc:bind:9.2.0:rc4::::::
	cpe:2.3:a:isc:bind:9.2.0:rc5::::::
	cpe:2.3:a:isc:bind:9.2.0:rc6::::::
	cpe:2.3:a:isc:bind:9.2.0:rc7::::::
	cpe:2.3:a:isc:bind:9.2.0:rc8::::::
	cpe:2.3:a:isc:bind:9.2.0:rc9::::::
	cpe:2.3:a:isc:bind:9.2.1:::::::*
	cpe:2.3:a:isc:bind:9.2.1:rc1::::::
	cpe:2.3:a:isc:bind:9.2.1:rc2::::::
	cpe:2.3:a:isc:bind:9.2.2:::::::*
	cpe:2.3:a:isc:bind:9.2.2:p2::::::
	cpe:2.3:a:isc:bind:9.2.2:p3::::::
	cpe:2.3:a:isc:bind:9.2.2:rc1::::::
	cpe:2.3:a:isc:bind:9.2.3:::::::*
	cpe:2.3:a:isc:bind:9.2.3:rc1::::::
	cpe:2.3:a:isc:bind:9.2.3:rc2::::::
	cpe:2.3:a:isc:bind:9.2.3:rc3::::::
	cpe:2.3:a:isc:bind:9.2.3:rc4::::::
	cpe:2.3:a:isc:bind:9.2.4:::::::*
	cpe:2.3:a:isc:bind:9.2.4:rc2::::::
	cpe:2.3:a:isc:bind:9.2.4:rc3::::::
	cpe:2.3:a:isc:bind:9.2.4:rc4::::::
	cpe:2.3:a:isc:bind:9.2.4:rc5::::::
	cpe:2.3:a:isc:bind:9.2.4:rc6::::::
	cpe:2.3:a:isc:bind:9.2.4:rc7::::::
	cpe:2.3:a:isc:bind:9.2.4:rc8::::::
	cpe:2.3:a:isc:bind:9.2.5:::::::*
cpe:2.3:a:isc:bind:9.2.5:b2::::::
cpe:2.3:a:isc:bind:9.2.5:rc1::::::
cpe:2.3:a:isc:bind:9.2.6:::::::*
cpe:2.3:a:isc:bind:9.2.6:rc1::::::
cpe:2.3:a:isc:bind:9.2.7:::::::*
cpe:2.3:a:isc:bind:9.2.7:rc1::::::
cpe:2.3:a:isc:bind:9.2.7:rc2::::::
cpe:2.3:a:isc:bind:9.2.7:rc3::::::
cpe:2.3:a:isc:bind:9.2.8:::::::*
cpe:2.3:a:isc:bind:9.2.9:::::::*
cpe:2.3:a:isc:bind:9.2.9:rc1::::::
cpe:2.3:a:isc:bind:9.3:::::::*
cpe:2.3:a:isc:bind:9.3.0:::::::*
cpe:2.3:a:isc:bind:9.3.0:b2::::::
cpe:2.3:a:isc:bind:9.3.0:b3::::::
cpe:2.3:a:isc:bind:9.3.0:b4::::::
cpe:2.3:a:isc:bind:9.3.0:rc1::::::
cpe:2.3:a:isc:bind:9.3.0:rc2::::::
cpe:2.3:a:isc:bind:9.3.0:rc3::::::
cpe:2.3:a:isc:bind:9.3.0:rc4::::::
cpe:2.3:a:isc:bind:9.3.1:::::::*
cpe:2.3:a:isc:bind:9.3.1:b2::::::
cpe:2.3:a:isc:bind:9.3.1:rc1::::::
cpe:2.3:a:isc:bind:9.3.2:::::::*
cpe:2.3:a:isc:bind:9.3.2:rc1::::::
cpe:2.3:a:isc:bind:9.3.3:::::::*
cpe:2.3:a:isc:bind:9.3.3:rc1::::::
cpe:2.3:a:isc:bind:9.3.3:rc2::::::
cpe:2.3:a:isc:bind:9.3.3:rc3::::::
cpe:2.3:a:isc:bind:9.3.4:::::::*
cpe:2.3:a:isc:bind:9.3.5:::::::*
cpe:2.3:a:isc:bind:9.3.5:rc1::::::
cpe:2.3:a:isc:bind:9.3.5:rc2::::::
cpe:2.3:a:isc:bind:9.3.6:::::::*
cpe:2.3:a:isc:bind:9.3.6:rc1::::::
cpe:2.3:a:isc:bind:9.4.0:::::::*
cpe:2.3:a:isc:bind:9.4.0:a1::::::
cpe:2.3:a:isc:bind:9.4.0:a2::::::
cpe:2.3:a:isc:bind:9.4.0:a3::::::
cpe:2.3:a:isc:bind:9.4.0:a4::::::
cpe:2.3:a:isc:bind:9.4.0:a5::::::
cpe:2.3:a:isc:bind:9.4.0:a6::::::
cpe:2.3:a:isc:bind:9.4.0:b1::::::
cpe:2.3:a:isc:bind:9.4.0:b2::::::
cpe:2.3:a:isc:bind:9.4.0:b3::::::
cpe:2.3:a:isc:bind:9.4.0:b4::::::
cpe:2.3:a:isc:bind:9.4.0:rc1::::::
cpe:2.3:a:isc:bind:9.4.0:rc2::::::
cpe:2.3:a:isc:bind:9.4.1:::::::*
cpe:2.3:a:isc:bind:9.4.2:::::::*
cpe:2.3:a:isc:bind:9.4.2:rc1::::::
cpe:2.3:a:isc:bind:9.4.2:rc2::::::
cpe:2.3:a:isc:bind:9.4.3:::::::*
cpe:2.3:a:isc:bind:9.4.3:b1::::::
cpe:2.3:a:isc:bind:9.4.3:b2::::::
cpe:2.3:a:isc:bind:9.4.3:b3::::::
cpe:2.3:a:isc:bind:9.4.3:p1::::::
cpe:2.3:a:isc:bind:9.4.3:p2::::::
cpe:2.3:a:isc:bind:9.4.3:p3::::::
cpe:2.3:a:isc:bind:9.4.3:rc1::::::
cpe:2.3:a:isc:bind:9.5.0:::::::*
cpe:2.3:a:isc:bind:9.5.0:a1::::::
cpe:2.3:a:isc:bind:9.5.0:a2::::::
cpe:2.3:a:isc:bind:9.5.0:a3::::::
cpe:2.3:a:isc:bind:9.5.0:a4::::::
cpe:2.3:a:isc:bind:9.5.0:a5::::::
cpe:2.3:a:isc:bind:9.5.0:a6::::::
cpe:2.3:a:isc:bind:9.5.0:a7::::::
cpe:2.3:a:isc:bind:9.5.0:b1::::::
cpe:2.3:a:isc:bind:9.5.0:b2::::::
cpe:2.3:a:isc:bind:9.5.0:b3::::::
cpe:2.3:a:isc:bind:9.5.0:p1::::::
cpe:2.3:a:isc:bind:9.5.0:p2::::::
cpe:2.3:a:isc:bind:9.5.0:p2_w1::::::
cpe:2.3:a:isc:bind:9.5.0:p2_w2::::::
cpe:2.3:a:isc:bind:9.5.0:rc1::::::
cpe:2.3:a:isc:bind:9.5.1:::::::*
cpe:2.3:a:isc:bind:9.5.1:b1::::::
cpe:2.3:a:isc:bind:9.5.1:b2::::::
cpe:2.3:a:isc:bind:9.5.1:b3::::::
cpe:2.3:a:isc:bind:9.5.1:rc1::::::
cpe:2.3:a:isc:bind:9.5.1:rc2::::::
cpe:2.3:a:isc:bind:9.5.2:::::::*
cpe:2.3:a:isc:bind:9.5.2:b1::::::
cpe:2.3:a:isc:bind:9.5.2:rc1::::::
cpe:2.3:a:isc:bind:9.6.0:::::::*
cpe:2.3:a:isc:bind:9.6.0:a1::::::
cpe:2.3:a:isc:bind:9.6.0:b1::::::
cpe:2.3:a:isc:bind:9.6.0:p1::::::
cpe:2.3:a:isc:bind:9.6.0:rc1::::::
cpe:2.3:a:isc:bind:9.6.0:rc2::::::
cpe:2.3:a:isc:bind:9.6.1:::::::*
cpe:2.3:a:isc:bind:9.6.1:b1::::::
cpe:2.3:a:isc:bind:9.6.1:p1::::::
cpe:2.3:a:isc:bind:9.6.1:rc1::::::
cpe:2.3:a:isc:bind:9.7.0:::::::*
cpe:2.3:a:isc:bind:9.7.0:a1::::::
cpe:2.3:a:isc:bind:9.7.0:a2::::::
cpe:2.3:a:isc:bind:9.7.0:a3::::::
cpe:2.3:a:isc:bind:9.7.0:b1::::::
cpe:2.3:a:isc:bind:9.7.0:b2::::::
cpe:2.3:a:isc:bind:9.7.0:b3::::::
cpe:2.3:a:isc:bind:9.7.0:p1::::::
cpe:2.3:a:isc:bind:9.7.0:rc1::::::
cpe:2.3:a:isc:bind:9.7.0:rc2::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 5
bind-30:9.3.6-4.P1.el5_4.1	cpe:/o:redhat:enterprise_linux:5	RHSA-2009:1620	2009-11-30T00:00:00Z

References

Link	Providers
ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt
http://aix.software.ibm.com/aix/efixes/security/bind9_advisory.asc
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
http://osvdb.org/60493
http://secunia.com/advisories/37426
http://secunia.com/advisories/37491
http://secunia.com/advisories/38219
http://secunia.com/advisories/38240
http://secunia.com/advisories/38794
http://secunia.com/advisories/38834
http://secunia.com/advisories/39334
http://secunia.com/advisories/40730
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021660.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1
http://support.apple.com/kb/HT5002
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018
http://www.ibm.com/support/docview.wss?uid=isg1IZ68597
http://www.ibm.com/support/docview.wss?uid=isg1IZ71667
http://www.ibm.com/support/docview.wss?uid=isg1IZ71774
http://www.kb.cert.org/vuls/id/418861
http://www.mandriva.com/security/advisories?name=MDVSA-2009:304
http://www.openwall.com/lists/oss-security/2009/11/24/1
http://www.openwall.com/lists/oss-security/2009/11/24/2
http://www.openwall.com/lists/oss-security/2009/11/24/8
http://www.redhat.com/support/errata/RHSA-2009-1620.html
http://www.securityfocus.com/bid/37118
http://www.ubuntu.com/usn/USN-888-1
http://www.vupen.com/english/advisories/2009/3335
http://www.vupen.com/english/advisories/2010/0176
http://www.vupen.com/english/advisories/2010/0528
http://www.vupen.com/english/advisories/2010/0622
https://bugzilla.redhat.com/show_bug.cgi?id=538744
https://exchange.xforce.ibmcloud.com/vulnerabilities/54416
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488
https://issues.rpath.com/browse/RPL-3152
https://nvd.nist.gov/vuln/detail/CVE-2009-4022
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10821
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11745
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7261
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7459
https://www.cve.org/CVERecord?id=CVE-2009-4022
https://www.isc.org/advisories/CVE-2009-4022v6
https://www.isc.org/advisories/CVE2009-4022
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01172.html
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01188.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2009-11-25T16:00:00

Updated: 2024-08-07T06:45:50.986Z

Reserved: 2009-11-20T00:00:00

Link: CVE-2009-4022

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-11-25T16:30:00.937

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-4022

Redhat

Severity : Moderate

Publid Date: 2009-11-23T00:00:00Z

Links: CVE-2009-4022 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-11-23T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed \"at the same time as requesting DNSSEC records (DO),\" aka Bug 20438."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "oval:org.mitre.oval:def:7261", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7261"}, {"name": "40730", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/40730"}, {"name": "37426", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37426"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://aix.software.ibm.com/aix/efixes/security/bind9_advisory.asc"}, {"name": "oval:org.mitre.oval:def:10821", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10821"}, {"name": "ADV-2010-0176", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0176"}, {"name": "bind-dnssec-cache-poisoning(54416)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54416"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=538744"}, {"name": "37118", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/37118"}, {"name": "38794", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38794"}, {"name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"}, {"name": "60493", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/60493"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.isc.org/advisories/CVE-2009-4022v6"}, {"name": "38240", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38240"}, {"name": "FEDORA-2009-12218", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01172.html"}, {"name": "37491", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37491"}, {"name": "USN-888-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-888-1"}, {"name": "oval:org.mitre.oval:def:7459", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7459"}, {"name": "[oss-security] 20091124 Re: a new bind issue", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2009/11/24/8"}, {"name": "VU#418861", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/418861"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.isc.org/advisories/CVE2009-4022"}, {"name": "IZ71667", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71667"}, {"name": "1021798", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1"}, {"name": "APPLE-SA-2011-10-12-3", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"}, {"name": "39334", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/39334"}, {"name": "[oss-security] 20091124 CVE request: BIND 9 bug involving DNSSEC and the additional section", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2009/11/24/2"}, {"name": "MDVSA-2009:304", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:304"}, {"name": "ADV-2009-3335", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/3335"}, {"name": "ADV-2010-0622", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0622"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.rpath.com/browse/RPL-3152"}, {"name": "IZ68597", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ68597"}, {"name": "38834", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38834"}, {"name": "38219", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38219"}, {"name": "oval:org.mitre.oval:def:11745", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11745"}, {"name": "IZ71774", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71774"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488"}, {"name": "FEDORA-2009-12233", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01188.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT5002"}, {"tags": ["x_refsource_CONFIRM"], "url": "ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt"}, {"name": "RHSA-2009:1620", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2009-1620.html"}, {"name": "[oss-security] 20091124 a new bind issue", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2009/11/24/1"}, {"name": "1021660", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021660.1-1"}, {"name": "ADV-2010-0528", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0528"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T06:45:50.986Z"}, "title": "CVE Program Container", "references": [{"name": "oval:org.mitre.oval:def:7261", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7261"}, {"name": "40730", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/40730"}, {"name": "37426", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37426"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://aix.software.ibm.com/aix/efixes/security/bind9_advisory.asc"}, {"name": "oval:org.mitre.oval:def:10821", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10821"}, {"name": "ADV-2010-0176", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/0176"}, {"name": "bind-dnssec-cache-poisoning(54416)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54416"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=538744"}, {"name": "37118", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/37118"}, {"name": "38794", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38794"}, {"name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"}, {"name": "60493", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/60493"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.isc.org/advisories/CVE-2009-4022v6"}, {"name": "38240", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38240"}, {"name": "FEDORA-2009-12218", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01172.html"}, {"name": "37491", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37491"}, {"name": "USN-888-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-888-1"}, {"name": "oval:org.mitre.oval:def:7459", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7459"}, {"name": "[oss-security] 20091124 Re: a new bind issue", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2009/11/24/8"}, {"name": "VU#418861", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/418861"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.isc.org/advisories/CVE2009-4022"}, {"name": "IZ71667", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71667"}, {"name": "1021798", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1"}, {"name": "APPLE-SA-2011-10-12-3", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"}, {"name": "39334", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/39334"}, {"name": "[oss-security] 20091124 CVE request: BIND 9 bug involving DNSSEC and the additional section", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2009/11/24/2"}, {"name": "MDVSA-2009:304", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:304"}, {"name": "ADV-2009-3335", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/3335"}, {"name": "ADV-2010-0622", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/0622"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.rpath.com/browse/RPL-3152"}, {"name": "IZ68597", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ68597"}, {"name": "38834", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38834"}, {"name": "38219", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38219"}, {"name": "oval:org.mitre.oval:def:11745", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11745"}, {"name": "IZ71774", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71774"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488"}, {"name": "FEDORA-2009-12233", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01188.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT5002"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt"}, {"name": "RHSA-2009:1620", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2009-1620.html"}, {"name": "[oss-security] 20091124 a new bind issue", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2009/11/24/1"}, {"name": "1021660", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021660.1-1"}, {"name": "ADV-2010-0528", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/0528"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-4022", "datePublished": "2009-11-25T16:00:00", "dateReserved": "2009-11-20T00:00:00", "dateUpdated": "2024-08-07T06:45:50.986Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:isc:bind:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "C52373DC-3E05-424B-9C78-4092A75C75A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "AFE06E29-0A16-4034-A2BB-696A49798F00", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "75CECA87-F721-429B-8062-D3297233C14D", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "2F1447B1-A25F-45CC-B721-3204D7107999", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "C61FB240-C932-4A3A-874D-5872F01EB352", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.0.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "999AF289-8D73-4648-ABCB-4853B9B1F230", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.0.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "6743968D-DDB2-4478-867A-642CCC492B96", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "098633E6-88F0-4DBC-986F-D11EDA29877F", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.0.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "78725CCE-C153-4B00-8E76-ED6DFC1C86A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.0.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "1950F046-FBD4-4A92-BA70-5E80374A12AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "1861756C-CC81-4EAB-8427-57A3C62BFF96", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "5E53EFD9-16B8-457D-8C27-7771018EA524", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "CDD642FC-1764-4090-A32D-830CEAE69E53", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.1.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "79503328-9EE2-414E-A6E8-B3BABA0D6CAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.1.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "2ABA5AA3-8951-4158-A4C6-64BE2010D39B", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.1.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "77A2D767-8E2D-4D65-ACF3-634B055023CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.1.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "D28C3D4C-5C3B-4686-9F67-6379C2AC338A", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.1.1:rc5:*:*:*:*:*:*", "matchCriteriaId": "543DE620-09A2-4055-B30C-803C714237B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.1.1:rc6:*:*:*:*:*:*", "matchCriteriaId": "2C16513C-48A1-4FB6-AB11-F844ABC4BB66", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.1.1:rc7:*:*:*:*:*:*", "matchCriteriaId": "607BF60B-27F1-4C85-BB5F-D66FEA05CD4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "DE954FD0-56AF-4757-BAA8-B0C64703F6AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.1.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "0EC243E5-D80C-43A8-AD12-5DA0FA442086", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "BF891263-4ACE-47C3-83F3-C06E49F32451", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.1.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "01C3704B-8328-46C3-ACB1-D27FD7DED508", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.1.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "FF9000CE-EB3A-4194-84D1-4BB4C5010D29", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.1.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "19A4E6C3-CF69-4A81-B179-EB8F656E72AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F947835-8E96-4793-B81E-EEC103BF0CB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6520F4-B203-400A-8629-8A40B739DB11", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.0:a1:*:*:*:*:*:*", "matchCriteriaId": "55D7907A-46D1-4F7D-8B2F-321214204704", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.0:a2:*:*:*:*:*:*", "matchCriteriaId": "B06686CF-0FFD-45D8-A9F6-D13DCF3E6EB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.0:a3:*:*:*:*:*:*", "matchCriteriaId": "EBF04613-7F33-4A63-A776-47C9A0BDBF1F", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.0:b1:*:*:*:*:*:*", "matchCriteriaId": "FA3C3939-2065-4A8C-99F8-BE44D1D2ABA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.0:b2:*:*:*:*:*:*", "matchCriteriaId": "DEE416F3-CDAE-4285-9EC7-F3E161EDCA0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "365BFA38-A0F6-4D48-A6B5-E534F88516DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.0:rc10:*:*:*:*:*:*", "matchCriteriaId": "CF2F3360-F5C2-47C1-B2E7-935CDB47407A", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "52FBAE24-C9F7-4756-A7A0-A877ABFC3444", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "A7230CE4-CD95-484C-A004-457FD4484403", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "A0BB3172-BFBC-4F56-8116-6EEC30FD566F", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "D40FB919-A955-419D-9BEC-835F93E4FEF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "FF8A8F48-A890-4837-8C76-1A690523B39B", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "399D70C9-8E61-4624-A7AD-9410AA7641B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.0:rc8:*:*:*:*:*:*", "matchCriteriaId": "2BB2F03D-96C6-49CD-80FA-570FF72B493F", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.0:rc9:*:*:*:*:*:*", "matchCriteriaId": "60DC3DF4-4B36-4AA8-8561-C4255A8C4E18", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2AF07E87-B109-4B15-A358-7A454502E077", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "2E5D0852-413F-4875-93F5-64DDBCA6E85E", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "301BF336-6AF6-4705-9BF1-00ED6608F572", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "614C9459-D526-4880-AE03-4A1558CB941F", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.2:p2:*:*:*:*:*:*", "matchCriteriaId": "A8B15E71-656A-4EB7-96B2-2CC9A2C19DC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.2:p3:*:*:*:*:*:*", "matchCriteriaId": "A969C3E7-9E4F-4767-86D1-7E6B3970A7B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "34B56EBF-6218-46B7-A9F2-288E40635FAF", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "1CFA05CD-0BE4-4E85-A3DE-8B3E2622159F", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "A10ACCBC-6697-4BCB-9748-B966D83E0C03", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "719382EA-7D4E-46F2-92ED-DCA83AE685BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "9EDF0B51-76D3-4BD8-A2C7-6F21153CB886", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.3:rc4:*:*:*:*:*:*", "matchCriteriaId": "2D800F08-9B7A-4284-B2EF-DCDF60DEEC04", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "D43375C5-0736-43DE-99B5-B75719D0AD0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.4:rc2:*:*:*:*:*:*", "matchCriteriaId": "4E492452-CBDB-43BC-A9AD-21AA84EA0653", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.4:rc3:*:*:*:*:*:*", "matchCriteriaId": "D5BD68D9-6CD9-48A7-A242-38B9ADD420BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.4:rc4:*:*:*:*:*:*", "matchCriteriaId": "65C15AB2-DCA7-4983-A741-3CA1D4A391A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.4:rc5:*:*:*:*:*:*", "matchCriteriaId": "6C6DB780-C075-462C-B426-1917A020C4BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.4:rc6:*:*:*:*:*:*", "matchCriteriaId": "3B4FD922-49B2-4953-8EF2-9018B104BC20", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.4:rc7:*:*:*:*:*:*", "matchCriteriaId": "367DC15C-7174-4463-8D4B-B3E43AC0A57E", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.4:rc8:*:*:*:*:*:*", "matchCriteriaId": "CAEC7B62-DBBF-4ADD-81F7-8AD1F3642E92", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "E4360536-0BA6-41DB-AA87-45AFB51562CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.5:b2:*:*:*:*:*:*", "matchCriteriaId": "E3CBD1CC-14DF-4F00-9A5E-6D7A6604A8A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "93C5ED24-5A13-4F06-BC9F-B8B8F46C1888", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "438AEC8C-DD71-4A25-9E9D-A89415F7EC83", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "36A47938-C5AC-4471-A791-6F21AE20B85C", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "2CDF6B08-6BA8-400C-BF01-ABD2306FE0D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "AFEDAAA4-AB94-43C6-97AE-B6E87D8E81B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.7:rc2:*:*:*:*:*:*", "matchCriteriaId": "FAF29410-5230-42F9-BC07-B940FC66DA62", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.7:rc3:*:*:*:*:*:*", "matchCriteriaId": "82068202-DF42-4808-A5C7-1A68B05EA1C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "3014690C-784C-487D-A378-4B977C8460E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "90E4653A-C63A-4568-BFF2-ECAB7AB5A55C", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.2.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "FCF6B377-2B03-429D-B452-3269E6FA8031", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.3:*:*:*:*:*:*:*", "matchCriteriaId": "8FA93166-513D-40AA-9855-FC89060BA03C", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "847C1017-F964-4A33-BEA8-DDB202DD0FB6", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.3.0:b2:*:*:*:*:*:*", "matchCriteriaId": "87B48470-26BF-4AE5-BEF3-7A2C82D59513", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.3.0:b3:*:*:*:*:*:*", "matchCriteriaId": "D795C310-AC2A-4680-B516-508F7AF584AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.3.0:b4:*:*:*:*:*:*", "matchCriteriaId": "EAA7F932-4DA1-4B03-8761-AB2353B4935E", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F5DC0048-3DC4-40A7-99A2-7686B3DA4FF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.3.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "F43C77D0-2052-417D-9EA8-1A89A06BF010", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.3.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F574AA97-6037-4957-9BDD-6C720B3A292B", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.3.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "6B67499F-7A9D-467B-834B-F4D61DBBE313", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "8B0D8854-64B6-42C9-B4D2-B2AF16AC0F03", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.3.1:b2:*:*:*:*:*:*", "matchCriteriaId": "6CB6CACC-3E1E-4115-AC9B-C9F99522D4C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.3.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "062A3D39-9B49-49D3-8FB4-FB4FC4A71D34", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "92F95086-3107-4C38-BB3B-7BABA9BD15C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.3.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "8669EA1C-DAA7-44FC-B675-01641BB8787E", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "1AE49740-2220-4305-BB8A-80E56CF4D9E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.3.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "0AD5E3F3-CAF7-4A41-A26E-087D74799EF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.3.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "9730D243-BBDF-483B-B709-7EDF708CE277", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.3.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "EAD0B6DB-91E5-4891-BA45-A68BEA6FBB51", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "A5B579EF-A538-4AA4-BDE8-CDB39E155A83", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "23BFA179-11A1-436D-805A-9814B85AEEB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.3.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "3D881EBA-B012-4014-A08F-F6B3795653C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.3.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "9431455C-07E8-40E7-87D9-E6FE6F53D76D", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "01CA8370-ACF5-4DEC-8D3C-C502A97A101C", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.3.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "A92E77F8-43FE-49C7-BCDA-1F6E8EB0DD2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "6D7C7524-6943-4D94-8835-0221F0F0CD63", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.4.0:a1:*:*:*:*:*:*", "matchCriteriaId": "C4B45FE3-307E-4599-B2CF-5203FA606469", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.4.0:a2:*:*:*:*:*:*", "matchCriteriaId": "F12E3841-1CF0-4969-A286-50769BAE31EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.4.0:a3:*:*:*:*:*:*", "matchCriteriaId": "D8B11586-1274-422D-873A-25DF193FB0C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.4.0:a4:*:*:*:*:*:*", "matchCriteriaId": "87D61CDA-BB78-4957-A502-6D77B567B3F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.4.0:a5:*:*:*:*:*:*", "matchCriteriaId": "5A31533C-BD6E-4EB4-8047-3257BF51F592", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.4.0:a6:*:*:*:*:*:*", "matchCriteriaId": "D8537C88-4F73-43DD-9BDC-AF470882EED2", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.4.0:b1:*:*:*:*:*:*", "matchCriteriaId": "6D7D1A96-0A8E-4E3A-9442-701E3D1A1F5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.4.0:b2:*:*:*:*:*:*", "matchCriteriaId": "93C23313-817F-4AB5-9058-31B0C7F954A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.4.0:b3:*:*:*:*:*:*", "matchCriteriaId": "FA9F93EC-1AA2-43A6-9869-8974C819370A", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.4.0:b4:*:*:*:*:*:*", "matchCriteriaId": "726720E2-4B59-4665-A72E-E2E996957EAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "8F0AA9D0-9657-4E18-BF8B-45284C2D40A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.4.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "32E4FEA8-A654-4E9F-8948-5878E7C427C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "916D4013-27A5-4688-A985-A9B77F90AC45", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "F8583B8D-54A4-4064-810B-34F4F5A33A36", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.4.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "932E3F02-DD98-43FC-8077-50506E512989", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.4.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "63C2A2FD-7AE7-462A-99B2-809BE1F35C15", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "E01A12DF-E94B-426E-8751-96FC56105D5F", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.4.3:b1:*:*:*:*:*:*", "matchCriteriaId": "7717B1A2-CAF5-49F3-AC73-273074BBEE02", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.4.3:b2:*:*:*:*:*:*", "matchCriteriaId": "F037EE61-50D6-4C1E-B24B-25A6D212E7E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.4.3:b3:*:*:*:*:*:*", "matchCriteriaId": "5140F118-BC25-43CB-B19C-0885A44D6646", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.4.3:p1:*:*:*:*:*:*", "matchCriteriaId": "099A0900-9A16-4431-BECA-B02D7C810153", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.4.3:p2:*:*:*:*:*:*", "matchCriteriaId": "82B9397F-463E-4F73-86F6-4EF3368E14BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.4.3:p3:*:*:*:*:*:*", "matchCriteriaId": "CAC96840-758A-4A47-8D12-AA42640778C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.4.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "19ADAB10-BDD0-409E-93C2-9E7223464131", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "32CEF8AD-9EE7-4ADA-888E-883751962529", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.5.0:a1:*:*:*:*:*:*", "matchCriteriaId": "76B4ED8A-9182-4403-8F66-3EB360E73477", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.5.0:a2:*:*:*:*:*:*", "matchCriteriaId": "84046EF9-AF5F-43FA-8E2C-11C7A01D17F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.5.0:a3:*:*:*:*:*:*", "matchCriteriaId": "7545BB70-5C74-47A7-BB07-765BC8C2A5A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.5.0:a4:*:*:*:*:*:*", "matchCriteriaId": "AE6BFDBD-DE4D-407F-86A4-FA78F99AA531", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.5.0:a5:*:*:*:*:*:*", "matchCriteriaId": "4337C3FF-C15B-4EFD-AA13-F9CA0542C2FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.5.0:a6:*:*:*:*:*:*", "matchCriteriaId": "AB6534DE-1ACB-4BCE-87A4-901F02F6CDCE", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.5.0:a7:*:*:*:*:*:*", "matchCriteriaId": "BE5F1A64-2428-4F85-8B93-3E324E983D2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.5.0:b1:*:*:*:*:*:*", "matchCriteriaId": "5F5D6222-3C1D-42FA-8882-1EE28B94D900", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.5.0:b2:*:*:*:*:*:*", "matchCriteriaId": "08899782-3182-46EB-947D-3BA9C371ACA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.5.0:b3:*:*:*:*:*:*", "matchCriteriaId": "575443B1-1638-497E-BCCF-E725B386ED88", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.5.0:p1:*:*:*:*:*:*", "matchCriteriaId": "30616740-FC69-4B92-B997-B7AF7643656D", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.5.0:p2:*:*:*:*:*:*", "matchCriteriaId": "3E306D3A-11AE-4F35-971E-B47D47628052", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.5.0:p2_w1:*:*:*:*:*:*", "matchCriteriaId": "4FF37B1D-04AD-4E37-A238-34BE7C5311E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.5.0:p2_w2:*:*:*:*:*:*", "matchCriteriaId": "6AAEE115-8EA0-4E2B-9960-647967B39606", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "90EE9C4A-F014-4ABA-9C4C-5D9561DD0A47", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3F592D0F-095C-4F3B-97E7-E92C259D0CD9", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.5.1:b1:*:*:*:*:*:*", "matchCriteriaId": "B6215F13-D97D-47DE-8057-906159D368A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.5.1:b2:*:*:*:*:*:*", "matchCriteriaId": "896C4F70-B1F7-49D5-9E4A-98D33B3B2E25", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.5.1:b3:*:*:*:*:*:*", "matchCriteriaId": "3A6DFF99-0890-4DE1-8AF4-6809EA485ACE", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.5.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "C55EC1E1-4D79-4357-94CB-7E152DFDE8DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.5.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "83205FA5-56A2-4BBD-9278-2844704BAB07", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "F4449E90-2112-4860-A981-66639B9318ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.5.2:b1:*:*:*:*:*:*", "matchCriteriaId": "110C71B3-D6E0-485E-9C4B-3D155CE16047", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.5.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "A49A7D91-73BC-4894-A548-C46691AA66AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "F42F7AF7-D37C-4213-B2BC-D2B9FE725BDE", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.6.0:a1:*:*:*:*:*:*", "matchCriteriaId": "A964450E-7DA8-478B-923E-E8CD1BA0F09C", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.6.0:b1:*:*:*:*:*:*", "matchCriteriaId": "32FAE1EF-3BF0-4B12-8F08-AA061A6D63FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.6.0:p1:*:*:*:*:*:*", "matchCriteriaId": "5ABB3FC8-0A0D-4881-9137-5F6A8CCB9345", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "C02A3BC0-78A4-4F4D-AA5B-3C05122137EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "178C7D9F-8699-42A3-8729-0BC6323EBDF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BEF53C6-E555-49D4-B4B2-63BA71CC77E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.6.1:b1:*:*:*:*:*:*", "matchCriteriaId": "2B4565A6-122B-406C-A7BE-A029F92799B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.6.1:p1:*:*:*:*:*:*", "matchCriteriaId": "3C09FA4C-B094-4BAC-A194-ACC28F80AF69", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.6.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "EEC21220-4207-4FE4-A7A9-9B223301B98D", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "5B178BB5-A0DC-4014-A8CC-D89B0E2F9789", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.7.0:a1:*:*:*:*:*:*", "matchCriteriaId": "1922EC10-F75A-41A5-B8AF-CDDCAA07A8B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.7.0:a2:*:*:*:*:*:*", "matchCriteriaId": "D243C684-DD10-4F84-8806-A5E9BEBC3204", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.7.0:a3:*:*:*:*:*:*", "matchCriteriaId": "B0FC1DDA-B027-47C2-93CD-67013CB56388", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.7.0:b1:*:*:*:*:*:*", "matchCriteriaId": "1BE753CB-A16D-4605-8640-137CD4A2BB16", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.7.0:b2:*:*:*:*:*:*", "matchCriteriaId": "037075F9-53E3-4DF6-B5C0-A6D1F5B60E6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.7.0:b3:*:*:*:*:*:*", "matchCriteriaId": "886DF882-E3F9-46E9-BC62-0A48292654D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.7.0:p1:*:*:*:*:*:*", "matchCriteriaId": "5B5F1155-78D6-480B-BC0A-1D36B08D2594", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "E9478F4E-451D-4B4E-8054-E09522F97C59", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "87393BF8-9FE3-4501-94CA-A1AA9E38E771", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed \"at the same time as requesting DNSSEC records (DO),\" aka Bug 20438."}, {"lang": "es", "value": "Vulnerabilidad no especificada en ISC BIND 9.0.x hasta la versi\u00f3n 9.3.x, 9.4 en versiones anteriores a 9.4.3-P4, 9.5 en versiones anteriores a 9.5.2-P1, 9.6 en versiones anteriores a 9.6.1-P2 y 9.7 beta en versiones anteriores a 9.7.0b3, con validaci\u00f3n DNSSEC habilitada y comprobaci\u00f3n deshabilitada (CD), permite a atacantes remotos llevar a cabo ataques de envenenamiento de la cach\u00e9 DNS recibiendo una consulta de cliente recursiva y enviando una respuesta que contiene una secci\u00f3n Additional con datos manipulados, lo cual no es manejado adecuadamente cuando la respuesta es procesada \"al mismo tiempo que se solicitan registros DNSSEC (DO)\", tambi\u00e9n conocida como Bug 20438."}], "id": "CVE-2009-4022", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-11-25T16:30:00.937", "references": [{"source": "secalert@redhat.com", "url": "ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt"}, {"source": "secalert@redhat.com", "url": "http://aix.software.ibm.com/aix/efixes/security/bind9_advisory.asc"}, {"source": "secalert@redhat.com", "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"}, {"source": "secalert@redhat.com", "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"}, {"source": "secalert@redhat.com", "url": "http://osvdb.org/60493"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37426"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37491"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/38219"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/38240"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/38794"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/38834"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/39334"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/40730"}, {"source": "secalert@redhat.com", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021660.1-1"}, {"source": "secalert@redhat.com", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1"}, {"source": "secalert@redhat.com", "url": "http://support.apple.com/kb/HT5002"}, {"source": "secalert@redhat.com", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018"}, {"source": "secalert@redhat.com", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ68597"}, {"source": "secalert@redhat.com", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71667"}, {"source": "secalert@redhat.com", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71774"}, {"source": "secalert@redhat.com", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/418861"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:304"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2009/11/24/1"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2009/11/24/2"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2009/11/24/8"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2009-1620.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/37118"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-888-1"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/3335"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0176"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0528"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0622"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=538744"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54416"}, {"source": "secalert@redhat.com", "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488"}, {"source": "secalert@redhat.com", "url": "https://issues.rpath.com/browse/RPL-3152"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10821"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11745"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7261"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7459"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://www.isc.org/advisories/CVE-2009-4022v6"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://www.isc.org/advisories/CVE2009-4022"}, {"source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01172.html"}, {"source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01188.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://aix.software.ibm.com/aix/efixes/security/bind9_advisory.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/60493"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37426"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37491"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/38219"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/38240"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/38794"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/38834"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/39334"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/40730"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021660.1-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT5002"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ68597"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71667"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71774"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/418861"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:304"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2009/11/24/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2009/11/24/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2009/11/24/8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2009-1620.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37118"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-888-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/3335"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0176"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0528"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0622"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=538744"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54416"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.rpath.com/browse/RPL-3152"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10821"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11745"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7261"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7459"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.isc.org/advisories/CVE-2009-4022v6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.isc.org/advisories/CVE2009-4022"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01172.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01188.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2009:1620", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "bind-30:9.3.6-4.P1.el5_4.1", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2009-11-30T00:00:00Z"}], "bugzilla": {"description": "bind: cache poisoning using not validated DNSSEC responses", "id": "538744", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=538744"}, "csaw": false, "cvss": {"cvss_base_score": "2.6", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "status": "verified"}, "details": ["Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed \"at the same time as requesting DNSSEC records (DO),\" aka Bug 20438."], "name": "CVE-2009-4022", "public_date": "2009-11-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-4022\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-4022"], "statement": "While this flaw exists in all 9.x versions, we do not plan to release bind updates for Red Hat Enterprise Linux 3 and 4 including this fix. The version of bind shipped in those products is 9.2.4, which has an older DNSSEC implementation, which is incompatible with currently used DNSSEC version and can not be used to secure communication with current public internet DNS servers.\nThis flaw does not introduce additional risks to bind installations that are not using DNSSEC, as a successful attack requires bypass of other cache poisoning protections (such as random query source ports and transaction ids). This flaw only allows for the bypass of protection provided by DNSSEC.", "threat_severity": "Moderate"}

Metrics

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object