Referenced CVEs:
CVE-2009-0025
Description:
===========================================================Ubuntu Security Notice USN-706-1 January 09, 2009bind9 vulnerabilityCVE-2009-0025===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 7.10Ubuntu 8.04 LTSUbuntu 8.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: libdns21 1:9.3.2-2ubuntu1.6Ubuntu 7.10: libdns32 1:9.4.1-P1-3ubuntu2.1Ubuntu 8.04 LTS: libdns35 1:9.4.2.dfsg.P2-2ubuntu0.1Ubuntu 8.10: libdns43 1:9.5.0.dfsg.P2-1ubuntu3.1In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:It was discovered that Bind did not properly perform certificate verification.When DNSSEC with DSA certificates are in use, a remote attacker could exploitthis to bypass certificate validation to spoof DNS entries and poison DNScaches. Among other things, this could lead to misdirected email and webtraffic.