{"id":"CVE-2009-4022","details":"Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed \"at the same time as requesting DNSSEC records (DO),\" aka Bug 20438.","modified":"2026-02-04T04:23:46.428479Z","published":"2009-11-25T16:30:00Z","related":["openSUSE-SU-2024:10467-1"],"references":[{"type":"ADVISORY","url":"http://aix.software.ibm.com/aix/efixes/security/bind9_advisory.asc"},{"type":"ADVISORY","url":"http://secunia.com/advisories/37426"},{"type":"ADVISORY","url":"http://secunia.com/advisories/37491"},{"type":"ADVISORY","url":"http://secunia.com/advisories/38219"},{"type":"ADVISORY","url":"http://secunia.com/advisories/38240"},{"type":"ADVISORY","url":"http://secunia.com/advisories/38794"},{"type":"ADVISORY","url":"http://secunia.com/advisories/38834"},{"type":"ADVISORY","url":"http://secunia.com/advisories/39334"},{"type":"ADVISORY","url":"http://secunia.com/advisories/40730"},{"type":"ADVISORY","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:304"},{"type":"ADVISORY","url":"http://www.redhat.com/support/errata/RHSA-2009-1620.html"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-888-1"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2009/3335"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2010/0176"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2010/0528"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2010/0622"},{"type":"ADVISORY","url":"https://www.isc.org/advisories/CVE-2009-4022v6"},{"type":"ADVISORY","url":"https://www.isc.org/advisories/CVE2009-4022"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=538744"},{"type":"WEB","url":"ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt"},{"type":"WEB","url":"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"},{"type":"WEB","url":"http://lists.vmware.com/pipermail/security-announce/2010/000082.html"},{"type":"WEB","url":"http://osvdb.org/60493"},{"type":"WEB","url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021660.1-1"},{"type":"WEB","url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1"},{"type":"WEB","url":"http://support.apple.com/kb/HT5002"},{"type":"WEB","url":"http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018"},{"type":"WEB","url":"http://www.ibm.com/support/docview.wss?uid=isg1IZ68597"},{"type":"WEB","url":"http://www.ibm.com/support/docview.wss?uid=isg1IZ71667"},{"type":"WEB","url":"http://www.ibm.com/support/docview.wss?uid=isg1IZ71774"},{"type":"WEB","url":"http://www.kb.cert.org/vuls/id/418861"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2009/11/24/1"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2009/11/24/2"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2009/11/24/8"},{"type":"WEB","url":"http://www.securityfocus.com/bid/37118"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/54416"},{"type":"WEB","url":"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488"},{"type":"WEB","url":"https://issues.rpath.com/browse/RPL-3152"},{"type":"WEB","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10821"},{"type":"WEB","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11745"},{"type":"WEB","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7261"},{"type":"WEB","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7459"},{"type":"WEB","url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01172.html"},{"type":"WEB","url":"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01188.html"}],"schema_version":"1.7.3"}