ISC BIND DNSSEC Remote Cache Poisoning Vulnerabilities

Edit Report

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2010010194

Below is a copy:

I'm not assigning this one as I'm not sure if you've seen this or not.

ISC released an update today for BIND, part of it was that CVE-2009-4022
was not completely fixed:
https://www.isc.org/advisories/CVE-2009-4022

If you look down at the bottom of their advisory you can see this:
    Jan. 19 - Revised Summary, Severity, Description, Workaround, Impact &
    Solution (earlier fixes incomplete) 

As best as we can tell, this is why:
https://bugzilla.redhat.com/show_bug.cgi?id=554851#c7

Thanks.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.