BIND is vulnerable to a cache poisoning attack. The vulnerability exists because the original fix for CVE-2009-4022 was found to be incomplete. BIND was incorrectly caching certain responses without performing proper DNSSEC validation. CNAME and DNAME records could be cached without proper DNSSEC validation when they were received while processing recursive client queries that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries.
lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
marc.info/?l=oss-security&m=126393609503704&w=2
marc.info/?l=oss-security&m=126399602810086&w=2
secunia.com/advisories/38219
secunia.com/advisories/38240
secunia.com/advisories/40086
wiki.rpath.com/wiki/Advisories:rPSA-2010-0018
www.debian.org/security/2010/dsa-2054
www.mandriva.com/security/advisories?name=MDVSA-2010:021
www.redhat.com/security/updates/classification/#moderate
www.ubuntu.com/usn/USN-888-1
www.vupen.com/english/advisories/2010/0176
www.vupen.com/english/advisories/2010/0622
www.vupen.com/english/advisories/2010/1352
access.redhat.com/errata/RHSA-2010:0062
bugzilla.redhat.com/show_bug.cgi?id=554851
bugzilla.redhat.com/show_bug.cgi?id=557121
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6815
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7512
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8884
rhn.redhat.com/errata/RHSA-2010-0062.html
www.isc.org/advisories/CVE-2009-4022v6