PT-2010-5657 · ISC · ISC BIND
Josh Bressers
Published: 1970-01-01 · Updated: 2017-09-19
CVE-2010-0097
CVSS v2.0: 7.6 (High)
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
ISC BIND versions 9.0.x through 9.3.x
ISC BIND version 9.4 before 9.4.3-P5
ISC BIND version 9.5 before 9.5.2-P2
ISC BIND version 9.6 before 9.6.1-P3
ISC BIND version 9.7.0 beta
Description
ISC BIND does not properly validate DNSSEC NSEC and NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain. This can compromise the confidentiality, integrity, and availability of protected information. The vulnerability can be exploited remotely.
Recommendations
For ISC BIND versions 9.0.x through 9.3.x, update to a version outside of this range to mitigate the risk.
For ISC BIND version 9.4 before 9.4.3-P5, update to version 9.4.3-P5 or later.
For ISC BIND version 9.5 before 9.5.2-P2, update to version 9.5.2-P2 or later.
For ISC BIND version 9.6 before 9.6.1-P3, update to version 9.6.1-P3 or later.
For ISC BIND version 9.7.0 beta, avoid using this version until a stable release is available that addresses the issue.
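The following added example (not part of the original advisory and not ISC tooling) classifies BIND version strings from an inventory against the affected ranges and fixed releases listed above. It assumes versions are written as `X.Y.Z` with an optional `a`/`b`/`rc` pre-release tag and an optional `-P` patch level, and that releases on a branch sort in that order; the function names and the sample hostnames are constructed for illustration.

```python
import re

# First fixed release per branch, taken from the advisory's recommendations.
FIXED = {(9, 4): "9.4.3-P5", (9, 5): "9.5.2-P2", (9, 6): "9.6.1-P3"}

# Assumed version syntax: X.Y.Z, optional a/b/rc pre-release tag, optional -P patch level.
_VER = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:(a|b|rc)(\d+))?(?:-P(\d+))?$")
_STAGE = {"a": 0, "b": 1, "rc": 2, None: 3}  # pre-releases sort below the final release


def parse(version):
    """Return a sortable tuple for a BIND version string, or None if unrecognised."""
    m = _VER.match(version.strip())
    if not m:
        return None
    major, minor, patch, stage, stage_n, plevel = m.groups()
    return (int(major), int(minor), int(patch),
            _STAGE[stage], int(stage_n or 0), int(plevel or 0))


def classify(version):
    """Map a version string to affected / fixed / not-listed / unknown."""
    key = parse(version)
    if key is None:
        return "unknown"          # never guess: flag for manual review
    branch = key[:2]
    if (9, 0) <= branch <= (9, 3):
        return "affected"         # advisory lists no fixed release on these branches
    if branch in FIXED:
        return "affected" if key < parse(FIXED[branch]) else "fixed"
    if key[:3] == (9, 7, 0) and key[3] == _STAGE["b"]:
        return "affected"         # 9.7.0 beta
    return "not-listed"           # outside the ranges the advisory names


def audit(inventory):
    """Return {host: status} for a {host: version} inventory."""
    return {host: classify(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are illustrative only.
    sample = {"ns1.example": "9.4.3-P4", "ns2.example": "9.5.2-P2",
              "ns3.example": "9.7.0b3", "ns4.example": "9.6-ESV"}
    for host, status in audit(sample).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` or `not-listed` fall outside what this advisory states and need a manual check against the vendor's own notice.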
Fix
RCE
Affected Products
BIND Server
HP-UX
ISC BIND
Red Hat