Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-0290

Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022.

Published

2010-01-22T22:00:00.617

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:H/Au:N/C:N/I:P/A:P

Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

4.9

Impact Score

4.9

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	isc	bind	9.0	Yes
Application	isc	bind	9.0.0	Yes
Application	isc	bind	9.0.0	Yes
Application	isc	bind	9.0.0	Yes
Application	isc	bind	9.0.0	Yes
Application	isc	bind	9.0.0	Yes
Application	isc	bind	9.0.0	Yes
Application	isc	bind	9.0.1	Yes
Application	isc	bind	9.0.1	Yes
Application	isc	bind	9.0.1	Yes
Application	isc	bind	9.1	Yes
Application	isc	bind	9.1.0	Yes
Application	isc	bind	9.1.1	Yes
Application	isc	bind	9.1.1	Yes
Application	isc	bind	9.1.1	Yes
Application	isc	bind	9.1.1	Yes
Application	isc	bind	9.1.1	Yes
Application	isc	bind	9.1.1	Yes
Application	isc	bind	9.1.1	Yes
Application	isc	bind	9.1.1	Yes
Application	isc	bind	9.1.2	Yes
Application	isc	bind	9.1.2	Yes
Application	isc	bind	9.1.3	Yes
Application	isc	bind	9.1.3	Yes
Application	isc	bind	9.1.3	Yes
Application	isc	bind	9.1.3	Yes
Application	isc	bind	9.2	Yes
Application	isc	bind	9.2.0	Yes
Application	isc	bind	9.2.0	Yes
Application	isc	bind	9.2.0	Yes
Application	isc	bind	9.2.0	Yes
Application	isc	bind	9.2.0	Yes
Application	isc	bind	9.2.0	Yes
Application	isc	bind	9.2.0	Yes
Application	isc	bind	9.2.0	Yes
Application	isc	bind	9.2.0	Yes
Application	isc	bind	9.2.0	Yes
Application	isc	bind	9.2.0	Yes
Application	isc	bind	9.2.0	Yes
Application	isc	bind	9.2.0	Yes
Application	isc	bind	9.2.0	Yes
Application	isc	bind	9.2.0	Yes
Application	isc	bind	9.2.0	Yes
Application	isc	bind	9.2.1	Yes
Application	isc	bind	9.2.1	Yes
Application	isc	bind	9.2.1	Yes
Application	isc	bind	9.2.2	Yes
Application	isc	bind	9.2.2	Yes
Application	isc	bind	9.2.2	Yes
Application	isc	bind	9.2.2	Yes
Application	isc	bind	9.2.3	Yes
Application	isc	bind	9.2.3	Yes
Application	isc	bind	9.2.3	Yes
Application	isc	bind	9.2.3	Yes
Application	isc	bind	9.2.3	Yes
Application	isc	bind	9.2.4	Yes
Application	isc	bind	9.2.4	Yes
Application	isc	bind	9.2.4	Yes
Application	isc	bind	9.2.4	Yes
Application	isc	bind	9.2.4	Yes
Application	isc	bind	9.2.4	Yes
Application	isc	bind	9.2.4	Yes
Application	isc	bind	9.2.4	Yes
Application	isc	bind	9.2.5	Yes
Application	isc	bind	9.2.5	Yes
Application	isc	bind	9.2.5	Yes
Application	isc	bind	9.2.6	Yes
Application	isc	bind	9.2.6	Yes
Application	isc	bind	9.2.7	Yes
Application	isc	bind	9.2.7	Yes
Application	isc	bind	9.2.7	Yes
Application	isc	bind	9.2.7	Yes
Application	isc	bind	9.2.8	Yes
Application	isc	bind	9.2.9	Yes
Application	isc	bind	9.2.9	Yes
Application	isc	bind	9.3	Yes
Application	isc	bind	9.3.0	Yes
Application	isc	bind	9.3.0	Yes
Application	isc	bind	9.3.0	Yes
Application	isc	bind	9.3.0	Yes
Application	isc	bind	9.3.0	Yes
Application	isc	bind	9.3.0	Yes
Application	isc	bind	9.3.0	Yes
Application	isc	bind	9.3.0	Yes
Application	isc	bind	9.3.1	Yes
Application	isc	bind	9.3.1	Yes
Application	isc	bind	9.3.1	Yes
Application	isc	bind	9.3.2	Yes
Application	isc	bind	9.3.2	Yes
Application	isc	bind	9.3.3	Yes
Application	isc	bind	9.3.3	Yes
Application	isc	bind	9.3.3	Yes
Application	isc	bind	9.3.3	Yes
Application	isc	bind	9.3.4	Yes
Application	isc	bind	9.3.5	Yes
Application	isc	bind	9.3.5	Yes
Application	isc	bind	9.3.5	Yes
Application	isc	bind	9.3.6	Yes
Application	isc	bind	9.3.6	Yes
Application	isc	bind	9.4	Yes
Application	isc	bind	9.4.0	Yes
Application	isc	bind	9.4.0	Yes
Application	isc	bind	9.4.0	Yes
Application	isc	bind	9.4.0	Yes
Application	isc	bind	9.4.0	Yes
Application	isc	bind	9.4.0	Yes
Application	isc	bind	9.4.0	Yes
Application	isc	bind	9.4.0	Yes
Application	isc	bind	9.4.0	Yes
Application	isc	bind	9.4.0	Yes
Application	isc	bind	9.4.0	Yes
Application	isc	bind	9.4.0	Yes
Application	isc	bind	9.4.0	Yes
Application	isc	bind	9.4.1	Yes
Application	isc	bind	9.4.2	Yes
Application	isc	bind	9.4.2	Yes
Application	isc	bind	9.4.2	Yes
Application	isc	bind	9.4.3	Yes
Application	isc	bind	9.4.3	Yes
Application	isc	bind	9.4.3	Yes
Application	isc	bind	9.4.3	Yes
Application	isc	bind	9.4.3	Yes
Application	isc	bind	9.4.3	Yes
Application	isc	bind	9.4.3	Yes
Application	isc	bind	9.4.3	Yes
Application	isc	bind	9.4.3	Yes
Application	isc	bind	9.4.3	Yes
Application	isc	bind	9.6.0	Yes
Application	isc	bind	9.6.0	Yes
Application	isc	bind	9.6.0	Yes
Application	isc	bind	9.6.0	Yes
Application	isc	bind	9.6.0	Yes
Application	isc	bind	9.6.0	Yes
Application	isc	bind	9.6.1	Yes
Application	isc	bind	9.6.1	Yes
Application	isc	bind	9.6.1	Yes
Application	isc	bind	9.6.1	Yes
Application	isc	bind	9.6.1	Yes
Application	isc	bind	9.7.0	Yes
Application	isc	bind	9.10.0	Yes
Application	isc	bind	9.10.0	Yes
Application	isc	bind	9.10.0	Yes
Application	isc	bind	9.10.0	Yes
Application	isc	bind	9.10.0	Yes
Application	isc	bind	9.10.0	Yes
Application	isc	bind	9.10.0	Yes
Application	isc	bind	9.10.0	Yes
Application	isc	bind	9.10.0	Yes
Application	isc	bind	9.10.1	Yes
Application	isc	bind	9.10.1	Yes
Application	isc	bind	9.10.1	Yes
Application	isc	bind	9.10.1	Yes
Application	isc	bind	9.10.1	Yes
Application	isc	bind	9.10.1	Yes
Application	isc	bind	9.10.1	Yes
Application	isc	bind	9.10.2	Yes
Application	isc	bind	9.10.2	Yes
Application	isc	bind	9.10.2	Yes
Application	isc	bind	9.10.2	Yes
Application	isc	bind	9.10.2	Yes
Application	isc	bind	9.10.2	Yes
Application	isc	bind	9.10.2	Yes
Application	isc	bind	9.10.3	Yes
Application	isc	bind	9.10.3	Yes
Application	isc	bind	9.10.3	Yes
Application	isc	bind	9.10.3	Yes
Application	isc	bind	9.10.3	Yes
Application	isc	bind	9.10.3	Yes

References

http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html ([email protected])
http://marc.info/?l=oss-security&m=126393609503704&w=2 ([email protected])
http://marc.info/?l=oss-security&m=126399602810086&w=2 ([email protected])
http://secunia.com/advisories/38219 Vendor Advisory ([email protected])
http://secunia.com/advisories/38240 Vendor Advisory ([email protected])
http://secunia.com/advisories/40086 ([email protected])
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018 ([email protected])
http://www.debian.org/security/2010/dsa-2054 ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2010:021 ([email protected])
http://www.ubuntu.com/usn/USN-888-1 ([email protected])
http://www.vupen.com/english/advisories/2010/0176 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2010/0622 ([email protected])
http://www.vupen.com/english/advisories/2010/1352 ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=554851 ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=557121 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6815 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7512 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8884 ([email protected])
https://rhn.redhat.com/errata/RHSA-2010-0062.html ([email protected])
https://www.isc.org/advisories/CVE-2009-4022v6 Vendor Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=oss-security&m=126393609503704&w=2 (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=oss-security&m=126399602810086&w=2 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/38219 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/38240 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/40086 (af854a3a-2127-422b-91ae-364da2661108)
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2010/dsa-2054 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2010:021 (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-888-1 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/0176 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/0622 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/1352 (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=554851 (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=557121 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6815 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7512 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8884 (af854a3a-2127-422b-91ae-364da2661108)
https://rhn.redhat.com/errata/RHSA-2010-0062.html (af854a3a-2127-422b-91ae-364da2661108)
https://www.isc.org/advisories/CVE-2009-4022v6 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)