Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt
http://aix.software.ibm.com/aix/efixes/security/bind9_advisory.asc
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
http://secunia.com/advisories/37426
http://secunia.com/advisories/37491
http://secunia.com/advisories/38219
http://secunia.com/advisories/38240
http://secunia.com/advisories/38794
http://secunia.com/advisories/38834
http://secunia.com/advisories/39334
http://secunia.com/advisories/40730
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021660.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1
http://support.apple.com/kb/HT5002
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018
http://www.ibm.com/support/docview.wss?uid=isg1IZ68597
http://www.ibm.com/support/docview.wss?uid=isg1IZ71667
http://www.ibm.com/support/docview.wss?uid=isg1IZ71774
http://www.kb.cert.org/vuls/id/418861
http://www.mandriva.com/security/advisories?name=MDVSA-2009:304
http://www.openwall.com/lists/oss-security/2009/11/24/1
http://www.openwall.com/lists/oss-security/2009/11/24/2
http://www.openwall.com/lists/oss-security/2009/11/24/8
http://www.redhat.com/support/errata/RHSA-2009-1620.html
http://www.securityfocus.com/bid/37118
http://www.ubuntu.com/usn/USN-888-1
http://www.vupen.com/english/advisories/2009/3335
http://www.vupen.com/english/advisories/2010/0176
http://www.vupen.com/english/advisories/2010/0528
http://www.vupen.com/english/advisories/2010/0622
https://bugzilla.redhat.com/show_bug.cgi?id=538744
https://exchange.xforce.ibmcloud.com/vulnerabilities/54416
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488
https://issues.rpath.com/browse/RPL-3152
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10821
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11745
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7261
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7459
https://www.isc.org/advisories/CVE2009-4022
https://www.isc.org/advisories/CVE-2009-4022v6
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01172.html
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01188.html
Source: MITRE
Published: 2009-11-25
Updated: 2017-09-19
Type: NVD-CWE-noinfo
Base Score: 2.6
Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
Impact Score: 2.9
Exploitability Score: 4.9
Severity: LOW