exploit the possibilities
Showing 1 - 8 of 8 RSS Feed

CVE-2010-0097

Status Candidate

Overview

ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.

Related Files

HP Security Bulletin HPSBOV03540 1
Posted Jan 29, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV03540 1 - Potential security vulnerabilities have been identified with the OpenVMS TCPIP Bind Services and OpenVMS TCPIP IPC Services for OpenVMS. These vulnerabilities could be exploited remotely resulting in execution of code with the privileges of Bind, disclosure of information, or cause a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2007-0493, CVE-2007-0494, CVE-2008-0122, CVE-2009-4022, CVE-2010-0097, CVE-2012-1667, CVE-2012-4244, CVE-2012-5166
MD5 | 595a4df292feaba6a50f97e0a2a55b79
Apple Security Advisory 2011-10-12-3
Posted Oct 13, 2011
Authored by Apple | Site apple.com

Apple Security Advisory 2011-10-12-3 - OS X Lion has a security update available that addresses findings in Apache, a format string vulnerability in the Application Firewall, an arbitrary code execution vulnerability when viewing a malicious font via ATS, and 60+ other issues.

tags | advisory, arbitrary, code execution
systems | apple, osx
advisories | CVE-2009-4022, CVE-2010-0097, CVE-2010-1157, CVE-2010-1634, CVE-2010-2089, CVE-2010-2227, CVE-2010-3436, CVE-2010-3613, CVE-2010-3614, CVE-2010-3718, CVE-2010-4172, CVE-2010-4645, CVE-2011-0013, CVE-2011-0185, CVE-2011-0187, CVE-2011-0224, CVE-2011-0226, CVE-2011-0229, CVE-2011-0230, CVE-2011-0231, CVE-2011-0249, CVE-2011-0250, CVE-2011-0251, CVE-2011-0252, CVE-2011-0259, CVE-2011-0260, CVE-2011-0411, CVE-2011-0419
MD5 | 50a5772c2540863ea47a21c4c5193ca5
Debian Linux Security Advisory 2054-2
Posted Jun 16, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2054-2 - This update restores the PID file location for bind to the location before the last security update. Several cache-poisoning vulnerabilities have been discovered in BIND. These vulnerabilities are apply only if DNSSEC validation is enabled and trust anchors have been installed, which is not the default.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2010-0097, CVE-2010-0290, CVE-2010-0382
MD5 | 3abe09346bd8535f8f03f50fb3b703c9
Debian Linux Security Advisory 2054-1
Posted Jun 4, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2054-1 - Several cache-poisoning vulnerabilities have been discovered in BIND. These vulnerabilities are apply only if DNSSEC validation is enabled and trust anchors have been installed, which is not the default.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2010-0097, CVE-2010-0290, CVE-2010-0382
MD5 | fe98167d97e37594d929609467e3743f
Gentoo Linux Security Advisory 201006-11
Posted Jun 3, 2010
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201006-11 - Several cache poisoning vulnerabilities have been found in BIND. Multiple cache poisoning vulnerabilities were discovered in BIND. Versions less than 9.4.3_p5 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2009-4022, CVE-2010-0097, CVE-2010-0290, CVE-2010-0382
MD5 | 65a946125ae83055908a83198ace2e2c
HP Security Bulletin HPSBUX02519 SSRT100004
Posted Apr 23, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to compromise NXDOMAIN responses.

tags | advisory
systems | hpux
advisories | CVE-2010-0097
MD5 | 8b1150dc53a7969da4acab05329abc8e
Mandriva Linux Security Advisory 2010-021
Posted Jan 21, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-021 - The original fix for was found to be incomplete. BIND was incorrectly caching certain responses without performing proper DNSSEC validation. CNAME and DNAME records could be cached, without proper DNSSEC validation, when received from processing recursive client queries that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries. There was an error in the DNSSEC NSEC/NSEC3 validation code that could cause bogus NXDOMAIN responses (that is, NXDOMAIN responses for records proven by NSEC or NSEC3 to exist) to be cached as if they had validated correctly, so that future queries to the resolver would return the bogus NXDOMAIN with the AD flag set. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. Additionally BIND has been upgraded to the latest patch release version.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2009-4022, CVE-2010-0097, CVE-2010-0290
MD5 | 1a8619a7db70f008a98849880689c8f0
Ubuntu Security Notice 888-1
Posted Jan 21, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 888-1 - It was discovered that Bind would incorrectly cache bogus NXDOMAIN responses. When DNSSEC validation is in use, a remote attacker could exploit this to cause a denial of service, and possibly poison DNS caches. USN-865-1 provided updated Bind packages to fix a security vulnerability. The upstream security patch to fix CVE-2009-4022 was incomplete and CVE-2010-0290 was assigned to the issue. This update corrects the problem. Michael Sinatra discovered that Bind did not correctly validate certain records added to its cache. When DNSSEC validation is in use, a remote attacker could exploit this to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic.

tags | advisory, remote, web, denial of service, spoof
systems | linux, ubuntu
advisories | CVE-2009-4022, CVE-2010-0097, CVE-2010-0290
MD5 | 8ee9d38fe264c826df92d23f2eb44caf
Page 1 of 1
Back1Next

File Archive:

September 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    20 Files
  • 2
    Sep 2nd
    15 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    4 Files
  • 5
    Sep 5th
    1 Files
  • 6
    Sep 6th
    1 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    27 Files
  • 9
    Sep 9th
    7 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    9 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    25 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    15 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    12 Files
  • 19
    Sep 19th
    1 Files
  • 20
    Sep 20th
    1 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    21 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close