CVE-2010-0290

CVSS 4.0 - MEDIUM
Description

Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022.

Affected Products
50 of 168
Vendor Product Version
isc bind 9.0
isc bind 9.0.0
isc bind 9.0.0
isc bind 9.0.0
isc bind 9.0.0
isc bind 9.0.0
isc bind 9.0.0
isc bind 9.0.1
isc bind 9.0.1
isc bind 9.0.1
isc bind 9.1
isc bind 9.1.0
isc bind 9.1.1
isc bind 9.1.1
isc bind 9.1.1
isc bind 9.1.1
isc bind 9.1.1
isc bind 9.1.1
isc bind 9.1.1
isc bind 9.1.1
isc bind 9.1.2
isc bind 9.1.2
isc bind 9.1.3
isc bind 9.1.3
isc bind 9.1.3
isc bind 9.1.3
isc bind 9.2
isc bind 9.2.0
isc bind 9.2.0
isc bind 9.2.0
isc bind 9.2.0
isc bind 9.2.0
isc bind 9.2.0
isc bind 9.2.0
isc bind 9.2.0
isc bind 9.2.0
isc bind 9.2.0
isc bind 9.2.0
isc bind 9.2.0
isc bind 9.2.0
isc bind 9.2.0
isc bind 9.2.0
isc bind 9.2.0
isc bind 9.2.1
isc bind 9.2.1
isc bind 9.2.1
isc bind 9.2.2
isc bind 9.2.2
isc bind 9.2.2
isc bind 9.2.2
Showing first 50 of 168 affected products.
References
http://lists.opensuse.org/opensuse-security-announ...
http://marc.info/?l=oss-security&m=126393609503704...
http://marc.info/?l=oss-security&m=126399602810086...
http://secunia.com/advisories/38219
http://secunia.com/advisories/38240
http://secunia.com/advisories/40086
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-00...
http://www.debian.org/security/2010/dsa-2054
http://www.mandriva.com/security/advisories?name=M...
http://www.ubuntu.com/usn/USN-888-1
http://www.vupen.com/english/advisories/2010/0176
http://www.vupen.com/english/advisories/2010/0622
http://www.vupen.com/english/advisories/2010/1352
https://bugzilla.redhat.com/show_bug.cgi?id=554851
https://bugzilla.redhat.com/show_bug.cgi?id=557121
https://oval.cisecurity.org/repository/search/defi...
https://oval.cisecurity.org/repository/search/defi...
https://oval.cisecurity.org/repository/search/defi...
https://rhn.redhat.com/errata/RHSA-2010-0062.html
https://www.isc.org/advisories/CVE-2009-4022v6
Weakness Types
NVD-CWE-noinfo
CVE Information
CVE ID:
CVE-2010-0290
Published:
2010-01-22
Modified:
2026-04-29
CVSS Score:
4.0
Severity:
MEDIUM
Vector:
AV:N/AC:H/Au:N/C:N/I:P/A:P
Affected Vendors
isc
Quick Actions
View on NVD Find Similar CVEs
CVSS Severity Scale
0.0 - 3.9 LOW
4.0 - 6.9 MEDIUM
7.0 - 8.9 HIGH
9.0 - 10.0 CRITICAL