[prev in list] [next in list] [prev in thread] [next in thread]
List: bind-users
Subject: BIND 9 Cache Update From Additional Section
From: supriya samanta <supriya.iem () gmail ! com>
Date: 2009-12-12 13:35:52
Message-ID: 5a34d6210912120523i767a9ea7l2db9ab02f831ed8f () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Hello All,
As per ISC security bulletin *CVE-2009-4022* There is a problem with BIND 9
Cache Update From Additional Section
*Problem Description:* A Nameserver with DNSSEC validation enabled may
incorrectly add records to its cache from the additional section of
responses received during resolution of a recursive client query.This
behavior only occurs when processing client queries with checking disabled
(CD).It may occur both when requesting,and not when requesting,DNSSEC
records(DO).If the nameserver is authoritative-only this will not occur.
We have some business requirement where we need to reproduce the problem.
Could anyone advice a test case which I may use or direct me to some website
which could be useful for this purpose.
Any help will be appreciated.
Many Thanks,
Supriya Samanta
**
[Attachment #5 (text/html)]
<br><br>
<div class="gmail_quote">
<div>
<div><font face="Arial" size="2"><span>Hello All,</span></font></div>
<div><font face="Arial" size="2"><span> </span></font></div>
<div><font face="Arial" size="2"><span>As per ISC security bulletin \
<strong>CVE-2009-4022</strong> There is a problem with BIND 9 Cache Update From \
Additional Section</span></font></div> <div><font face="Arial" size="2"><span> \
</span></font></div> <div><font face="Arial" size="2"><span><strong>Problem \
Description:</strong> A Nameserver with DNSSEC validation enabled may incorrectly add \
records to its cache from the additional section of responses received during \
resolution of a recursive client query.This behavior only occurs when processing \
client queries with checking disabled</span></font></div>
<div><font face="Arial" size="2"><span>(CD).It may occur both when requesting,and not \
when requesting,DNSSEC records(DO).If the nameserver is authoritative-only this will \
not occur.</span></font></div> <div><font face="Arial" size="2"><span></span></font> \
</div> <div><font face="Arial" size="2"><span>We have some business requirement where \
we need to reproduce the problem.</span></font></div> <div><font face="Arial" \
size="2"><span></span></font> </div> <div><font face="Arial" size="2"><span>Could \
anyone advice a test case which I may use or direct me to some website which could be \
useful for this purpose.</span></font></div> <div><font face="Arial" \
size="2"><span></span></font> </div> <div><font face="Arial" size="2"><span>Any help \
will be appreciated.</span></font></div> <div><font face="Arial" \
size="2"><span></span></font> </div> <div><font face="Arial" size="2"><span>Many \
Thanks,</span></font></div> <div><font face="Arial" size="2"><span>Supriya \
Samanta</span></font></div> <p><strong><span style="FONT-SIZE: 10pt; COLOR: green; \
FONT-FAMILY: 'Palatino \
Linotype','serif'"></span></strong><span></span></p> <p> </p></div></div>
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic