CVE-2009-4022
ISC BIND DNS Cache Poisoning via Crafted Additional Section
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
References (44)
Core References
Issue Tracking x_refsource_confirm
https://issues.rpath.com/browse/RPL-3152
Third Party Advisory x_refsource_confirm
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/11/24/8
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/11/24/2
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/11/24/1
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37491
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7261
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/40730
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37426
Various Sources x_refsource_confirm
http://aix.software.ibm.com/aix/efixes/security/bind9_advisory.asc
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10821
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0176
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54416
Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=538744
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/37118
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/38794
Various Sources mailing-list
x_refsource_mlist
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/60493
Vendor Advisory x_refsource_confirm
https://www.isc.org/advisories/CVE-2009-4022v6
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/38240
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01172.html
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-888-1
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7459
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/418861
Vendor Advisory x_refsource_confirm
https://www.isc.org/advisories/CVE2009-4022
Various Sources vendor-advisory
x_refsource_aixapar
http://www.ibm.com/support/docview.wss?uid=isg1IZ71667
Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/39334
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:304
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3335
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0622
Various Sources vendor-advisory
x_refsource_aixapar
http://www.ibm.com/support/docview.wss?uid=isg1IZ68597
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/38834
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/38219
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11745
Various Sources vendor-advisory
x_refsource_aixapar
http://www.ibm.com/support/docview.wss?uid=isg1IZ71774
Various Sources x_refsource_confirm
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01188.html
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT5002
Various Sources x_refsource_confirm
ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-1620.html
Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021660.1-1
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0528
Scores
EPSS: 0.2004
EPSS Percentile: 95.6%
Details
Status: published
Products (12)
isc/bind 9.0
isc/bind 9.0.0 rc1 (6 CPE variants)
isc/bind 9.0.1 (3 CPE variants)
isc/bind 9.1
isc/bind 9.1.0 rc1
isc/bind 9.1.1 (8 CPE variants)
isc/bind 9.1.2 (2 CPE variants)
isc/bind 9.1.3 (4 CPE variants)
isc/bind 9.2
isc/bind 9.2.0 (16 CPE variants)
... and 2 more
Published: Nov 25, 2009
Tracked Since: Feb 18, 2026