CVE-2009-4022
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2009-4022 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
While this flaw exists in all 9.x versions, we do not plan to release bind updates for Red Hat Enterprise Linux 3 and 4 including this fix. The version of bind shipped in those products is 9.2.4, which has an older DNSSEC implementation, which is incompatible with currently used DNSSEC version and can not be used to secure communication with current public internet DNS servers.
This flaw does not introduce additional risks to bind installations that are not using DNSSEC, as a successful attack requires bypass of other cache poisoning protections (such as random query source ports and transaction ids). This flaw only allows for the bypass of protection provided by DNSSEC.
CVSS v2 metrics
| Base Score | 2.6 |
|---|---|
| Base Metrics | AV:N/AC:H/Au:N/C:N/I:P/A:N |
| Access Vector | Network |
| Access Complexity | High |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | Partial |
| Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 5 (bind) | RHSA-2009:1620 | 2009-11-30 |
CVE description copyright © 2017, The MITRE Corporation