Vulnerability CVE-2020-8624: Information

Description

In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone.

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2020-8624
Published: Aug. 22, 2020
Modified: Nov. 7, 2023
Error type identifier: CWE-269

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
bindsisyphus9.11.22-alt19.18.27-alt1ALT-PU-2020-2651-1256543Fixed
bindp109.11.22-alt19.16.48-alt1ALT-PU-2020-2651-1256543Fixed
bindp99.11.22-alt19.11.37-alt1ALT-PU-2020-2685-1256558Fixed
bindp89.10.8.P1-alt39.10.8.P1-alt4ALT-PU-2020-2661-1256547Fixed
bindc10f19.11.22-alt19.16.48-alt0.c10f2.1ALT-PU-2020-2651-1256543Fixed
bindc9f29.11.22-alt19.11.37-alt1ALT-PU-2020-2685-1256558Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://kb.isc.org/docs/cve-2020-8624
  • Vendor Advisory
https://security.netapp.com/advisory/ntap-20200827-0003/
  • Third Party Advisory
USN-4468-1
  • Third Party Advisory
DSA-4752
  • Third Party Advisory
GLSA-202008-19
  • Third Party Advisory
https://www.synology.com/security/advisory/Synology_SA_20_19
  • Third Party Advisory
openSUSE-SU-2020:1699
  • Mailing List
  • Third Party Advisory
openSUSE-SU-2020:1701
  • Mailing List
  • Third Party Advisory
FEDORA-2020-a02b7a0f21
    FEDORA-2020-14c194e5af

        1. Configuration 1

          cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*
          Start including
          9.10.7
          End including
          9.10.8
          cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*
          Start including
          9.17.0
          End including
          9.17.3
          cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*
          Start including
          9.11.3
          End including
          9.11.21
          cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*
          Start including
          9.9.12
          End including
          9.9.13
          cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*
          Start including
          9.12.1
          End including
          9.16.5

          Configuration 2

          cpe:2.3:a:isc:bind:9.11.3:s1:*:*:supported_preview:*:*:*
          cpe:2.3:a:isc:bind:9.9.12:s1:*:*:supported_preview:*:*:*
          cpe:2.3:a:isc:bind:9.9.13:s1:*:*:supported_preview:*:*:*
          cpe:2.3:a:isc:bind:9.11.21:s1:*:*:supported_preview:*:*:*

          Configuration 3

          cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
          cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
          cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
          cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
          cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
          cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
          cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

          Configuration 4

          cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
          cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
      VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
      Version: v24.5.1
      Back to top