[nsp-sec] BIND advisory
jose nazario
jose at arbor.net
Tue Nov 24 19:53:55 EST 2009
noticed this on twitter, didn't see it mentioned here:
https://www.isc.org/node/504
BIND 9 Cache Update From Additional Section
CVE: CVE-2009-4022
> A nameserver with DNSSEC validation enabled may incorrectly add
> records to its cache from the additional section of responses
> received during resolution of a recursive client query. This
> behavior only occurs when processing client queries with checking
> disabled (CD) at the same time as requesting DNSSEC records (DO).
affects 9.0.x, 9.1.x, 9.2.x, 9.3.x, 9.4.0 -> 9.4.3-P3, 9.5.0, 9.5.1,
9.5.2, 9.6.0, 9.6.1-P1.
-- jose
More information about the nsp-security
mailing list