Advertisement






ISC BIND DNSSEC Remote Cache Poisoning Vulnerabilities

CVE Category Price Severity
CVE-2009-4022 CWE-340 Not disclosed High
Author Risk Exploitation Type Date
Unknown Critical Remote 2010-01-29
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2010010194

Below is a copy:

I'm not assigning this one as I'm not sure if you've seen this or not.

ISC released an update today for BIND, part of it was that CVE-2009-4022
was not completely fixed:
https://www.isc.org/advisories/CVE-2009-4022

If you look down at the bottom of their advisory you can see this:
    Jan. 19 - Revised Summary, Severity, Description, Workaround, Impact &
    Solution (earlier fixes incomplete) 

As best as we can tell, this is why:
https://bugzilla.redhat.com/show_bug.cgi?id=554851#c7

Thanks.


Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.