{"vuid":"VU#360341","idnumber":"360341","name":"BIND 9 DNSSEC validation code could cause fake NXDOMAIN responses","keywords":["BIND","nxdomain","isc","ncssec"],"overview":"A vulnerability exists in the BIND 9 DNSSEC validation code that could be used by an attacker to generate fake NXDOMAIN responses.","clean_desc":"BIND 9 contains a vulnerability in DNSSEC validation code. According to ISC: There was an error in the DNSSEC NSEC/NSEC3 validation code that could cause bogus NXDOMAIN responses (that is, NXDOMAIN responses for records proven by NSEC or NSEC3 to exist) to be cached as if they had validated correctly, so that future queries to the resolver would return the bogus NXDOMAIN with the AD flag set. This issue affects BIND versions 9.0.x, 9.1.x, 9.2.x, 9.3.x, 9.4.0 -> 9.4.3-P4, 9.5.0 -> 9.5.2-P1, 9.6.0 -> 9.6.1-P2","impact":"An attacker may be able to add fake NXDOMAIN records to a resolver's cache.","resolution":"Upgrade BIND to version 9.4.3-P5, 9.5.2-P2 or 9.6.1-P3.","workarounds":"","sysaffected":"","thanks":"This issue was reported by \nISC","author":"This document was written by David Warren.","public":["h","t","t","p","s",":","/","/","w","w","w",".","i","s","c",".","o","r","g","/","a","d","v","i","s","o","r","i","e","s","/","C","V","E","-","2","0","1","0","-","0","0","9","7"],"cveids":["CVE-2010-0097"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2010-01-14T19:10:42Z","publicdate":"2010-01-19T00:00:00Z","datefirstpublished":"2010-01-19T18:29:12Z","dateupdated":"2010-01-27T19:37:56Z","revision":13,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.0,"vulnote":null}