Wind River Support Network


LIN4-27917 : Security Advisory - BIND - CVE-2009-4022

Created: Dec 10, 2009    Updated: May 18, 2015
Resolved Date: Sep 12, 2010
Previous ID: LIN2-8095
Found In Version: 4.0
Fix Version: 4.0
Severity: Severe
Applicable for: Wind River Linux 4
Component/s: Userspace


Unspecified vulnerability in ISC BIND 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, 9.7 beta before 9.7.0b3, and 9.0.x through 9.3.x with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks via additional sections in a response sent for resolution of a recursive client query, which is not properly handled when the response is processed at the same time as requesting DNSSEC records (DO).

Steps to Reproduce


Other Downloads

Live chat