{"vuid":"VU#418861","idnumber":"418861","name":"BIND DNS Nameserver, DNSSEC validation Vulnerability","keywords":["DNSSEC","nameserver"],"overview":"A vulnerability exists in the way BIND 9 handles recursive client queries that may cause additional records to be added to its cache.","clean_desc":"BIND 9 contains a vulnerability in the way recursive client queries are handled. According to ISC: A nameserver with DNSSEC validation enabled may incorrectly add unauthenticated records to its cache that are received during the resolution of a recursive client query with checking disabled (CD), or when the nameserver internally triggers a query for missing records for recursive name resolution. Cached records can be returned in response to subsequent client queries with or without requesting DNSSEC records (DO). In addition, some of them can be returned to queries with or without checking disabled (CD). This issue affects BIND versions 9.0.x, 9.1.x, 9.2.x, 9.3.x, 9.4.0 -> 9.4.3-P3, 9.5.0, 9.5.1, 9.5.2, 9.6.0, 9.6.1-P1.","impact":"An attacker may be able to manipulate cache data and perform DNS Cache Poisoning.","resolution":"Upgrade \nBIND should be upgraded to version 9.4.3-P5, 9.5.2-P2 or 9.6.1-P3.","workarounds":"Disable DNSSEC Validation According to ISC: Disabling DNSSEC validation will also prevent incorrect caching of additional records due to this defect. However, this removes DNSSEC validation protection and the ability of the nameserver to deliver authenticated data in query responses.","sysaffected":"","thanks":"ISC\n credits Michael Sinatra, UC Berkeley with finding this issue.","author":"This document was written by Chris Taschner.","public":["h","t","t","p","s",":","/","/","w","w","w",".","i","s","c",".","o","r","g","/","n","o","d","e","/","5","0","4"],"cveids":["CVE-2009-4022"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2009-11-19T19:02:12Z","publicdate":"2009-11-19T00:00:00Z","datefirstpublished":"2009-12-01T20:09:45Z","dateupdated":"2010-01-19T19:08:43Z","revision":17,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.0,"vulnote":null}