Home > Vulnerability Database > CVE-2009-4022

Mend.io Vulnerability Database

CVE-2009-4022

Good to know:

Date: November 25, 2009

Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.

Language: C

Severity Score

3.7

Related Resources (48)

Url: https://nvd.nist.gov/vuln/detail/CVE-2009-4022

Url: http://www.redhat.com/support/errata/RHSA-2009-1620.html

Url: http://secunia.com/advisories/37426

Url: http://www.vupen.com/english/advisories/2009/3335

Url: http://www.vupen.com/english/advisories/2010/0176

Url: http://secunia.com/advisories/38834

Url: http://secunia.com/advisories/38219

Url: http://www.ibm.com/support/docview.wss?uid=isg1IZ71774

Url: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488

Url: https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01172.html

Url: http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2009-4022

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021660.1-1

Url: http://secunia.com/advisories/38794

Url: http://www.kb.cert.org/vuls/id/418861

Url: http://www.securityfocus.com/bid/37118

Url: https://www.isc.org/advisories/CVE2009-4022

Url: http://osvdb.org/60493

Url: http://aix.software.ibm.com/aix/efixes/security/bind9_advisory.asc

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7459

Url: https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01188.html

Url: http://secunia.com/advisories/37491

Url: http://secunia.com/advisories/38240

Url: http://secunia.com/advisories/40730

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11745

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2009:304

Url: https://access.redhat.com/security/cve/CVE-2009-4022

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/54416

Url: http://www.ibm.com/support/docview.wss?uid=isg1IZ71667

Url: https://www.isc.org/advisories/CVE-2009-4022v6

Url: https://bugzilla.redhat.com/show_bug.cgi?id=538744

Url: http://lists.vmware.com/pipermail/security-announce/2010/000082.html

Url: http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018

Url: https://issues.rpath.com/browse/RPL-3152

Url: http://www.ibm.com/support/docview.wss?uid=isg1IZ68597

Url: http://secunia.com/advisories/39334

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7261

Url: http://www.vupen.com/english/advisories/2010/0528

Url: http://support.apple.com/kb/HT5002

Url: http://www.vupen.com/english/advisories/2010/0622

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1

Url: ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt

Url: http://www.openwall.com/lists/oss-security/2009/11/24/8

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10821

Url: http://www.openwall.com/lists/oss-security/2009/11/24/2

Url: http://www.openwall.com/lists/oss-security/2009/11/24/1

Url: http://www.ubuntu.com/usn/USN-888-1

Url: https://www.mend.io/vulnerability-database/CVE-2009-4022

Severity Score

3.7

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

Upgrade to version v9_0_1,v9_4_ESV_R1,v9_5_2_P1,v9_6_1_P2,v9_7_0b3

Learn More

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	2.6
Access Vector (AV):	NETWORK
Access Complexity (AC):	HIGH
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2009-4022

Good to know:

Date: November 25, 2009

Language: C

Severity Score

Related Resources (48)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?