First published: Wed Jul 29 2020
In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5 and 9.17.0 -> 9.17.3 (and in 9.9.12-S1 -> 9.9.13-S1 and 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition), an attacker who has been granted privileges to change a specific subset of the zone's content could abuse unintended additional privileges to update other contents of the zone.
Credit: security-officer@isc.org
Affected Software | Affected Version | How to fix |
---|---|---|
ISC BIND | >=9.9.12<=9.9.13 | |
ISC BIND | >=9.10.7<=9.10.8 | |
ISC BIND | >=9.11.3<=9.11.21 | |
ISC BIND | >=9.12.1<=9.16.5 | |
ISC BIND | >=9.17.0<=9.17.3 | |
ISC BIND | =9.9.12-s1 | |
ISC BIND | =9.9.13-s1 | |
ISC BIND | =9.11.3-s1 | |
ISC BIND | =9.11.21-s1 | |
Netapp Steelstore Cloud Integrated Storage | | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =20.04 | |
Debian Debian Linux | =10.0 | |
Fedoraproject Fedora | =31 | |
Fedoraproject Fedora | =32 | |
openSUSE Leap | =15.1 | |
openSUSE Leap | =15.2 | |
IBM Cloud Pak for Security (CP4S) | <=1.7.2.0 | |
IBM Cloud Pak for Security (CP4S) | <=1.7.1.0 | |
IBM Cloud Pak for Security (CP4S) | <=1.7.0.0 | |
debian/bind9 | 1:9.16.50-1~deb11u2 1:9.16.50-1~deb11u1 1:9.18.28-1~deb12u2 1:9.20.2-1 |
Upgrade to the patched release most closely related to your current version of BIND: BIND 9.11.22, BIND 9.16.6 or BIND 9.17.4. BIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers; its patched release is BIND 9.11.22-S1.
CVE-2020-8624 is a vulnerability in ISC BIND that could allow a remote authenticated attacker to bypass security restrictions.
Versions 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, and 9.17.0 -> 9.17.3 are affected.
An attacker who has been granted privileges to change a specific subset of the zone's content could exploit this vulnerability.
The severity of CVE-2020-8624 is high with a CVSS score of 4.3.
To fix CVE-2020-8624, upgrade BIND to a version that is not affected by the vulnerability.