4.3
CVE-2010-0097
- EPSS 9.36%
- Veröffentlicht 22.01.2010 22:00:00
- Zuletzt bearbeitet 16.06.2026 23:15:28
- Quelle cret@cert.org
- CVE-Watchlists
- Unerledigt
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 9.36% | 0.948 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
https://rhn.redhat.com/errata/RHSA-2010-0095.html
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018
http://www.vupen.com/english/advisories/2010/0622
ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt
http://secunia.com/advisories/39334
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://secunia.com/advisories/38219
http://secunia.com/advisories/38240
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1
http://support.apple.com/kb/HT5002
http://www.ubuntu.com/usn/USN-888-1
http://www.vupen.com/english/advisories/2010/0176
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034196.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034202.html
http://marc.info/?l=bugtraq&m=127195582210247&w=2
http://secunia.com/advisories/38169
http://secunia.com/advisories/39582
http://secunia.com/advisories/40086
http://securitytracker.com/id?1023474
http://www.debian.org/security/2010/dsa-2054
http://www.kb.cert.org/vuls/id/360341
http://www.mandriva.com/security/advisories?name=MDVSA-2010:021
http://www.osvdb.org/61853
http://www.securityfocus.com/bid/37865
http://www.vupen.com/english/advisories/2010/0981
http://www.vupen.com/english/advisories/2010/1352
https://bugzilla.redhat.com/show_bug.cgi?id=554851
https://exchange.xforce.ibmcloud.com/vulnerabilities/55753
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12205
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7212
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7430
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9357
https://rhn.redhat.com/errata/RHSA-2010-0062.html
https://www.isc.org/advisories/CVE-2010-0097