USN-888-1 -- bind9 vulnerabilitiesID: oval:org.secpod.oval:def:700198 | Date: (C)2011-01-28 (M)2024-01-29 |
Class: PATCH | Family: unix |
It was discovered that Bind would incorrectly cache bogus NXDOMAIN responses. When DNSSEC validation is in use, a remote attacker could exploit this to cause a denial of service, and possibly poison DNS caches. USN-865-1 provided updated Bind packages to fix a security vulnerability. The upstream security patch to fix CVE-2009-4022 was incomplete and CVE-2010-0290 was assigned to the issue. This update corrects the problem. Original advisory details: Michael Sinatra discovered that Bind did not correctly validate certain records added to its cache. When DNSSEC validation is in use, a remote attacker could exploit this to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic.
Platform: |
Ubuntu 8.04 |
Ubuntu 8.10 |
Ubuntu 9.10 |
Ubuntu 6.06 |
Ubuntu 9.04 |