Vulnerability Details: CVE-2010-0097
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.
Vulnerability category: Input validation
Threat overview for CVE-2010-0097
Top open port discovered on systems with this issue: 53
IPs affected by CVE-2010-0097: 7,447
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2010-0097
Probability of exploitation activity in the next 30 days: 1.26%
Percentile, the proportion of vulnerabilities that are scored at or less: ~84%
CVSS scores for CVE-2010-0097
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST |
CWE ids for CVE-2010-0097
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-0097
- http://www.vupen.com/english/advisories/2010/0622
- http://www.vupen.com/english/advisories/2010/1352
- https://bugzilla.redhat.com/show_bug.cgi?id=554851
  554851 – (CVE-2010-0097) CVE-2010-0097 BIND DNSSEC NSEC/NSEC3 validation code could cause bogus NXDOMAIN responses
- http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034196.html
  [SECURITY] Fedora 11 Update: bind-9.6.1-9.P3.fc11
- https://www.isc.org/advisories/CVE-2010-0097
  Internet Systems Consortium
- http://www.debian.org/security/2010/dsa-2054
  Debian -- Security Information -- DSA-2054-1 bind9
- http://www.ubuntu.com/usn/USN-888-1
  USN-888-1: Bind vulnerabilities | Ubuntu security notices
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9357
  Repository / Oval Repository
- http://www.securityfocus.com/bid/37865
  ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:021
  mandriva.com
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7212
  Repository / Oval Repository
- http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
  Apple - Lists.apple.com
- https://rhn.redhat.com/errata/RHSA-2010-0062.html
  RHSA-2010:0062 - Security Advisory - Red Hat Customer Portal
- http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
  [security-announce] SUSE Security Announcement: acoread (SUSE-SA:2010:00
- http://www.vupen.com/english/advisories/2010/0176
  Vendor Advisory
- http://marc.info/?l=bugtraq&m=127195582210247&w=2
  '[security bulletin] HPSBUX02519 SSRT100004 rev.1 - HP-UX Running BIND, Remote Compromise of NXDOMAIN' - MARC
- http://securitytracker.com/id?1023474
  BIND DNSSEC NSEC/NSEC3 Error May Let Remote Users Spoof NXDOMAIN Responses - SecurityTracker
- http://www.kb.cert.org/vuls/id/360341
  VU#360341 - BIND 9 DNSSEC validation code could cause fake NXDOMAIN responses (US Government Resource)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12205
  Repository / Oval Repository
- https://rhn.redhat.com/errata/RHSA-2010-0095.html
  RHSA-2010:0095 - Security Advisory - Red Hat Customer Portal
- ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt
- http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018
- http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034202.html
  [SECURITY] Fedora 12 Update: bind-9.6.1-15.P3.fc12
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7430
  Repository / Oval Repository
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488
  HPSBOV03540 rev.1 - HPE OpenVMS TCPIP Bind Services and OpenVMS TCPIP IPC Services for OpenVMS, Remote Disclosure of Information, Execution of Code, Denial of Service (DoS)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/55753
  ISC BIND DNSSEC NSEC/NSEC3 cache poisoning CVE-2010-0097 Vulnerability Report
- http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1
- http://www.vupen.com/english/advisories/2010/0981
- http://support.apple.com/kb/HT5002
  About the security content of OS X Lion v10.7.2 and Security Update 2011-006 - Apple Support
Products affected by CVE-2010-0097
- cpe:2.3:a:isc:bind:9.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.0:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.0:a5:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.1:b2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.0:b2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.4:rc8:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.4:rc7:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.3:rc3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.3:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.0:b3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.0:b2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.0:b4:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.0:b3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.5:b2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.3:rc4:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.2:p2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.0:rc6:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.0:rc5:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.0:a3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.0:a2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.0.0:rc5:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.0.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5.0:a1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.0:a2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.0:a1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.5:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.4:rc4:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.4:rc3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.4:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.2:p3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.0:rc8:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.0:rc7:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.0:b2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.0:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1.3:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1.1:rc4:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1.1:rc3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.0.0:rc6:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.0:a4:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.0:a3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.6:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.4:rc6:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.4:rc5:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.0:rc9:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.0:rc10:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1.3:rc3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1.1:rc6:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1.1:rc5:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.0.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.0.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.0:a1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1.1:rc7:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.0.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5.0:p2_w1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.3:b3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.7:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.3:b2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.3:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.0:b4:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.0:a6:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.7:rc3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.7:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.2:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6.0:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6.1:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6:r9_p1:*:*:esv:*:*:*
- cpe:2.3:a:isc:bind:9.6:r9:*:*:esv:*:*:*
- cpe:2.3:a:isc:bind:9.6.0:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6:r7:*:*:esv:*:*:*
- cpe:2.3:a:isc:bind:9.6:r6_rc2:*:*:esv:*:*:*
- cpe:2.3:a:isc:bind:9.6:r4:*:*:esv:*:*:*
- cpe:2.3:a:isc:bind:9.6:r3:*:*:esv:*:*:*
- cpe:2.3:a:isc:bind:9.5.0:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5.0:b3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5.0:a3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5.0:a2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6:r7_p2:*:*:esv:*:*:*
- cpe:2.3:a:isc:bind:9.6:r7_p1:*:*:esv:*:*:*
- cpe:2.3:a:isc:bind:9.6:r5:*:*:esv:*:*:*
- cpe:2.3:a:isc:bind:9.6:r4_p1:*:*:esv:*:*:*
- cpe:2.3:a:isc:bind:9.5.0:p2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5.0:a5:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5.0:a4:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6.0:a1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6:r6_rc1:*:*:esv:*:*:*
- cpe:2.3:a:isc:bind:9.6:r6_b1:*:*:esv:*:*:*
- cpe:2.3:a:isc:bind:9.6:r2:*:*:esv:*:*:*
- cpe:2.3:a:isc:bind:9.6:r1:*:*:esv:*:*:*
- cpe:2.3:a:isc:bind:9.5.0:b2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5.0:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6:r6:*:*:esv:*:*:*
- cpe:2.3:a:isc:bind:9.6:r5_p1:*:*:esv:*:*:*
- cpe:2.3:a:isc:bind:9.6:r5_b1:*:*:esv:*:*:*
- cpe:2.3:a:isc:bind:9.6:*:*:*:esv:*:*:*
- cpe:2.3:a:isc:bind:9.5.0:p2_w2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5.0:a7:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5.0:a6:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.3:p2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5.1:b3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.5:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.5:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6.1:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5.2:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.6:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5.1:b2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5.1:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.3:rc3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.3:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.9:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4:r4:*:*:esv:*:*:*
- cpe:2.3:a:isc:bind:9.4:r3:*:*:esv:*:*:*
- cpe:2.3:a:isc:bind:9.5.2:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4:r5-p1:*:*:esv:*:*:*
- cpe:2.3:a:isc:bind:9.4:r5-b1:*:*:esv:*:*:*
- cpe:2.3:a:isc:bind:9.4:b1:*:*:esv:*:*:*
- cpe:2.3:a:isc:bind:9.4:*:*:*:esv:*:*:*
- cpe:2.3:a:isc:bind:9.6.1:p2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4:r5-rc1:*:*:esv:*:*:*
- cpe:2.3:a:isc:bind:9.4:r2:*:*:esv:*:*:*
- cpe:2.3:a:isc:bind:9.4:r1:*:*:esv:*:*:*
- cpe:2.3:a:isc:bind:9.4:r5:*:*:esv:*:*:*
- cpe:2.3:a:isc:bind:9.4:r4-p1:*:*:esv:*:*:*