CVE-2009-4022

N/A Unknown
Published: November 25, 2009 Modified: April 23, 2026

Description

Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.

References to Advisories, Solutions, and Tools

http://osvdb.org/60493
Source: secalert@redhat.com
http://secunia.com/advisories/37426
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/37491
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/38219
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/38240
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/38794
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/38834
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/39334
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/40730
Source: secalert@redhat.com
Vendor Advisory
http://support.apple.com/kb/HT5002
Source: secalert@redhat.com
http://www.kb.cert.org/vuls/id/418861
Source: secalert@redhat.com
US Government Resource
http://www.redhat.com/support/errata/RHSA-2009-1620.html
Source: secalert@redhat.com
Vendor Advisory
http://www.securityfocus.com/bid/37118
Source: secalert@redhat.com
http://www.ubuntu.com/usn/USN-888-1
Source: secalert@redhat.com
http://www.vupen.com/english/advisories/2009/3335
Source: secalert@redhat.com
Vendor Advisory
http://www.vupen.com/english/advisories/2010/0176
Source: secalert@redhat.com
Vendor Advisory
http://www.vupen.com/english/advisories/2010/0528
Source: secalert@redhat.com
Vendor Advisory
http://www.vupen.com/english/advisories/2010/0622
Source: secalert@redhat.com
Vendor Advisory
https://issues.rpath.com/browse/RPL-3152
Source: secalert@redhat.com
https://www.isc.org/advisories/CVE-2009-4022v6
Source: secalert@redhat.com
Vendor Advisory
https://www.isc.org/advisories/CVE2009-4022
Source: secalert@redhat.com
Vendor Advisory
http://osvdb.org/60493
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/37426
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/37491
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/38219
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/38240
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/38794
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/38834
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/39334
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/40730
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://support.apple.com/kb/HT5002
Source: af854a3a-2127-422b-91ae-364da2661108
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ibm.com/support/docview.wss?uid=isg1IZ68597
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ibm.com/support/docview.wss?uid=isg1IZ71667
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ibm.com/support/docview.wss?uid=isg1IZ71774
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.kb.cert.org/vuls/id/418861
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2009:304
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.openwall.com/lists/oss-security/2009/11/24/1
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.openwall.com/lists/oss-security/2009/11/24/2
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.openwall.com/lists/oss-security/2009/11/24/8
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.redhat.com/support/errata/RHSA-2009-1620.html
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/bid/37118
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ubuntu.com/usn/USN-888-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2009/3335
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2010/0176
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2010/0528
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2010/0622
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=538744
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/54416
Source: af854a3a-2127-422b-91ae-364da2661108
https://issues.rpath.com/browse/RPL-3152
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.isc.org/advisories/CVE-2009-4022v6
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://www.isc.org/advisories/CVE2009-4022
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

88 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
20.0%
95th percentile
Exploitation Status
Not in CISA KEV

Affected Vendors

isc