CVE-2009-4022

Name of the Vulnerable Software and Affected Versions ISC BIND versions 9.0.x through 9.3.x ISC BIND 9.4 before 9.4.3-P4 ISC BIND 9.5 before 9.5.2-P1 ISC BIND 9.6 before 9.6.1-P2 ISC BIND 9.7 beta before 9.7.0b3

Description The issue allows remote attackers to conduct DNS cache poisoning attacks by sending a response that contains an Additional section with crafted data. This occurs when DNSSEC validation is enabled and checking is disabled, and the response is processed at the same time as requesting DNSSEC records.

Recommendations For ISC BIND versions 9.0.x through 9.3.x, update to a version outside of this range to mitigate the risk. For ISC BIND 9.4 before 9.4.3-P4, update to version 9.4.3-P4 or later. For ISC BIND 9.5 before 9.5.2-P1, update to version 9.5.2-P1 or later. For ISC BIND 9.6 before 9.6.1-P2, update to version 9.6.1-P2 or later. For ISC BIND 9.7 beta before 9.7.0b3, update to version 9.7.0b3 or later.