MNBSD-2009-2: BIND DNSSEC signature verification failure enabling spoofing

Severity: Unknown

Affected Package: bind

Summary: BIND DNSSEC signature verification failure enabling spoofing

Description

BIND did not properly check the return value from the OpenSSL DSA/EVP signature verification function, allowing an attacker to spoof DNSSEC-validated records (a DNSSEC/cache-poisoning attack). The fix was applied to 0.2.1 and 0.3-CURRENT. This corresponds to FreeBSD-SA-09:04.bind.

Affected Versions

bind

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2009-0025

Published: January 15, 2009
Last Modified: January 15, 2009