Oval Definition:oval:org.mitre.oval:def:7459
Revision Date:2010-06-14Version:17
Title:Security Vulnerability in BIND DNS Software Shipped With Solaris May Allow DNS Cache Poisoning
Description:Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2009-4022
Platform(s):Sun Solaris 10
Sun Solaris 9
Product(s):
Definition Synopsis
  • Software Section
  • Solaris 9 (SPARC) meets Sun Alert 273169
  • Solaris 9 (SPARC) is installed
  • AND NOT Patch 112837-21 or later installed
  • OR Solaris 10 (SPARC) meets Sun Alert 273169
  • Solaris 10 (SPARC) is installed
  • AND NOT Patch 119783-14 or later installed
  • OR Solaris 9 (x86) meets Sun Alert 273169
  • Solaris 9 (x86) is installed
  • AND NOT Patch 114265-20 or later installed
  • OR Solaris 10 (x86) meets Sun Alert 273169
  • Solaris 10 (x86) is installed
  • AND NOT Patch 119784-14 or later installed
  • AND in.named running
    • BACK