First published: Wed Jul 29 2020
In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, and also in 9.9.12-S1 -> 9.9.13-S1 and 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, an attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone.
Credit: security-officer@isc.org
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Cloud Pak for Security (CP4S) | <=1.7.2.0 | |
IBM Cloud Pak for Security (CP4S) | <=1.7.1.0 | |
IBM Cloud Pak for Security (CP4S) | <=1.7.0.0 | |
ISC BIND | >=9.9.12 <=9.9.13 | |
ISC BIND | >=9.10.7 <=9.10.8 | |
ISC BIND | >=9.11.3 <=9.11.21 | |
ISC BIND | >=9.12.1 <=9.16.5 | |
ISC BIND | >=9.17.0 <=9.17.3 | |
ISC BIND | =9.9.12-s1 | |
ISC BIND | =9.9.13-s1 | |
ISC BIND | =9.11.3-s1 | |
ISC BIND | =9.11.21-s1 | |
Netapp Steelstore Cloud Integrated Storage | | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =20.04 | |
Debian Debian Linux | =10.0 | |
Fedoraproject Fedora | =31 | |
Fedoraproject Fedora | =32 | |
openSUSE Leap | =15.1 | |
openSUSE Leap | =15.2 | |
ubuntu/bind9 | <1:9.11.3+dfsg-1ubuntu1.13 | 1:9.11.3+dfsg-1ubuntu1.13 |
ubuntu/bind9 | <1:9.16.1-0ubuntu2.3 | 1:9.16.1-0ubuntu2.3 |
debian/bind9 | 1:9.11.5.P4+dfsg-5.1+deb10u7 1:9.11.5.P4+dfsg-5.1+deb10u10 1:9.16.44-1~deb11u1 1:9.16.48-1 1:9.18.19-1~deb12u1 1:9.18.24-1 1:9.19.21-1 |
CVE-2020-8624 is a vulnerability in ISC BIND that could allow a remote authenticated attacker to bypass security restrictions.
Versions 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, and 9.17.0 -> 9.17.3 are affected.
An attacker who has been granted privileges to change a specific subset of the zone's content could exploit this vulnerability.
The severity of CVE-2020-8624 is high with a CVSS score of 4.3.
To fix CVE-2020-8624, upgrade BIND to a version that is not affected by the vulnerability.
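To decide which servers need the upgrade, the version ranges listed above can be checked against `named -v` output. The following is an added example, not part of the original advisory or of ISC's tooling; the status labels, the vendor tag list and the sample inventory are assumptions constructed for illustration.

```python
import re

# Inclusive upstream ranges copied from the advisory text on this page.
MAIN_RANGES = [((9, 9, 12), (9, 9, 13)), ((9, 10, 7), (9, 10, 8)),
               ((9, 11, 3), (9, 11, 21)), ((9, 12, 1), (9, 16, 5)),
               ((9, 17, 0), (9, 17, 3))]
# Supported Preview Edition (-S builds) ranges from the same text.
SPE_RANGES = [((9, 9, 12), (9, 9, 13)), ((9, 11, 3), (9, 11, 21))]
# Assumption: distro builds carry one of these tags in the version string.
VENDOR_TAGS = ("ubuntu", "debian", "redhat", "suse")

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(-S\d+)?", re.IGNORECASE)


def parse_version(text):
    """Return ((major, minor, patch), is_preview_edition) from version text."""
    m = VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no BIND version found in {text!r}")
    return tuple(int(m.group(i)) for i in (1, 2, 3)), m.group(4) is not None


def assess(text):
    """Classify one version string against the CVE-2020-8624 ranges."""
    version, is_spe = parse_version(text)
    ranges = SPE_RANGES if is_spe else MAIN_RANGES
    if not any(low <= version <= high for low, high in ranges):
        return "not-affected"
    # Distro packages backport fixes without changing the upstream number,
    # so an in-range vendor build needs a package-version check instead.
    if any(tag in text.lower() for tag in VENDOR_TAGS):
        return "check-package"
    return "affected"


# Constructed sample inventory: host -> output of `named -v`.
INVENTORY = {
    "ns1": "BIND 9.16.5 (Stable Release) <id:0000000>",
    "ns2": "BIND 9.16.6 (Stable Release) <id:0000000>",
    "ns3": "BIND 9.11.3-S1 (Extended Support Version) <id:0000000>",
    "ns4": "BIND 9.16.1-Ubuntu (Stable Release) <id:0000000>",
}


def triage(inventory):
    """Map each host to its assessment."""
    return {host: assess(out) for host, out in inventory.items()}
```

For hosts reported as `check-package`, compare the installed package version against the fixed versions in the table above, for example `1:9.16.1-0ubuntu2.3` for ubuntu/bind9.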