ghsa-2jw5-w5pg-58h8
Vulnerability from github
Published
2022-05-03 03:20
Modified
2022-05-03 03:20
Details
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
{
"affected": [],
"aliases": [
"CVE-2009-4022"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2009-11-25T16:30:00Z",
"severity": "LOW"
},
"details": "Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed \"at the same time as requesting DNSSEC records (DO),\" aka Bug 20438.",
"id": "GHSA-2jw5-w5pg-58h8",
"modified": "2022-05-03T03:20:32Z",
"published": "2022-05-03T03:20:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4022"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=538744"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54416"
},
{
"type": "WEB",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488"
},
{
"type": "WEB",
"url": "https://issues.rpath.com/browse/RPL-3152"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10821"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11745"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7261"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7459"
},
{
"type": "WEB",
"url": "https://www.isc.org/advisories/CVE-2009-4022v6"
},
{
"type": "WEB",
"url": "https://www.isc.org/advisories/CVE2009-4022"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01172.html"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01188.html"
},
{
"type": "WEB",
"url": "http://aix.software.ibm.com/aix/efixes/security/bind9_advisory.asc"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"type": "WEB",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"type": "WEB",
"url": "http://osvdb.org/60493"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/37426"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/37491"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/38219"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/38240"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/38794"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/38834"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/39334"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/40730"
},
{
"type": "WEB",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021660.1-1"
},
{
"type": "WEB",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT5002"
},
{
"type": "WEB",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018"
},
{
"type": "WEB",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ68597"
},
{
"type": "WEB",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71667"
},
{
"type": "WEB",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71774"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/418861"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:304"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2009/11/24/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2009/11/24/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2009/11/24/8"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1620.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/37118"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-888-1"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2009/3335"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/0176"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/0528"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/0622"
}
],
"schema_version": "1.4.0",
"severity": []
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.