CVE-2010-0097 : ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not pro

ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.

Published 2010-01-22 22:00:00

Updated 2017-09-19 01:30:14

Source CERT/CC

View at NVD, CVE.org

Vulnerability category: Input validation

Threat overview for CVE-2010-0097

Top countries where our scanners detected CVE-2010-0097

Top open port discovered on systems with this issue 53

IPs affected by CVE-2010-0097 7,447

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2010-0097!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2010-0097

Probability of exploitation activity in the next 30 days: 1.26%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 84 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2010-0097

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2010-0097

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2010-0097

http://www.vupen.com/english/advisories/2010/0622

Webmail | OVH- OVH

CVEs referencing this url
http://www.vupen.com/english/advisories/2010/1352

Webmail | OVH- OVH

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=554851

554851 – (CVE-2010-0097) CVE-2010-0097 BIND DNSSEC NSEC/NSEC3 validation code could cause bogus NXDOMAIN responses

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034196.html

[SECURITY] Fedora 11 Update: bind-9.6.1-9.P3.fc11
https://www.isc.org/advisories/CVE-2010-0097

Internet Systems Consortium
http://www.debian.org/security/2010/dsa-2054

Debian -- Security Information -- DSA-2054-1 bind9

CVEs referencing this url
http://www.ubuntu.com/usn/USN-888-1

USN-888-1: Bind vulnerabilities | Ubuntu security notices

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9357

Repository / Oval Repository
http://www.securityfocus.com/bid/37865

ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability
http://www.mandriva.com/security/advisories?name=MDVSA-2010:021

mandriva.com

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7212

Repository / Oval Repository
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

Apple - Lists.apple.com

CVEs referencing this url
https://rhn.redhat.com/errata/RHSA-2010-0062.html

RHSA-2010:0062 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html

[security-announce] SUSE Security Announcement: acoread (SUSE-SA:2010:00

CVEs referencing this url
http://www.vupen.com/english/advisories/2010/0176

Webmail | OVH- OVH
Vendor Advisory

CVEs referencing this url
http://marc.info/?l=bugtraq&m=127195582210247&w=2

'[security bulletin] HPSBUX02519 SSRT100004 rev.1 - HP-UX Running BIND, Remote Compromise of NXDOMAIN' - MARC
http://securitytracker.com/id?1023474

BIND DNSSEC NSEC/NSEC3 Error May Let Remote Users Spoof NXDOMAIN Responses - SecurityTracker
http://www.kb.cert.org/vuls/id/360341

VU#360341 - BIND 9 DNSSEC validation code could cause fake NXDOMAIN responses
US Government Resource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12205

Repository / Oval Repository
https://rhn.redhat.com/errata/RHSA-2010-0095.html

RHSA-2010:0095 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt

CVEs referencing this url
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034202.html

[SECURITY] Fedora 12 Update: bind-9.6.1-15.P3.fc12
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7430

Repository / Oval Repository
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488

HPSBOV03540 rev.1 - HPE OpenVMS TCPIP Bind Services and OpenVMS TCPIP IPC Services for OpenVMS, Remote Disclosure of Information, Execution of Code, Denial of Service (DoS)

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/55753

ISC BIND DNSSEC NSEC/NSEC3 cache poisoning CVE-2010-0097 Vulnerability Report
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1

CVEs referencing this url
http://www.vupen.com/english/advisories/2010/0981

Webmail | OVH- OVH
http://support.apple.com/kb/HT5002

About the security content of OS X Lion v10.7.2 and Security Update 2011-006 - Apple Support

CVEs referencing this url

Products affected by CVE-2010-0097