VRDA Feed : Provides information for vulnerability impact analysis

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

VRDA-091130-002

Security Vulnerability in BIND DNS Software Shipped With Solaris May Allow DNS Cache Poisoning

http://sunsolve.sun.com/search/document.do?assetkey=1-66-273169-1

A security vulnerability in the BIND DNS software shipped with Solaris may allow a remote user who is able to perform recursive queries to cause a server that is configured to support DNSSEC validation and recursive client queries to return incorrect addresses for Internet hosts, thereby redirecting end users to unintended hosts or services.

About This Analysis Information

Analysis Information Provider:

JPCERT/CC

First Published:

2009-11-30

Source Information Category:

Advisory, Alert

Last Updated:

2009-11-30

Affected Product Tags

cpe:/a:isc:bind (ISC BIND)

cpe:/o:sun:solaris (Sun Solaris)

lapt:/o:sun:opensolaris ( Sun OpenSolaris)

Vulnerability Analysis Results

[Information Source Reliability]^[?]

Low^[?]

Medium^[?]

High^[?]

[Impact Level]^[?]

Low^[?]

Low-Medium^[?]

Medium-High^[?]

High^[?]

[Access Required]^[?]

Physical^[?]

Local^[?]

Non-routed^[?]

Routed^[?]

[Authentication]^[?]

Privileged^[?]

Standard^[?]

Limited^[?]

None or Unnecessary^[?]

[User Interaction Required]^[?]

Complex^[?]

Simple^[?]

None^[?]

[Technical Difficulty]^[?]

High^[?]

Medium-High^[?]

Low-Medium^[?]

Low^[?]

[Availability of Remediation]^[?]

Official Patch^[?]

Official Workaround^[?]

Unofficial Patch^[?]

None^[?]

[Incident Activity]^[?]

None^[?]

Exploit or PoC^[?]

Activity Observed^[?]

Alternatives

References