Unrated severityNVD Advisory· Published Aug 21, 2020· Updated Sep 16, 2024

update-policy rules of type "subdomain" are enforced incorrectly

CVE-2020-8624

Description

In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone.

Affected products

osv-coords45 versions
pkg:apk/chainguard/bind pkg:apk/chainguard/bind-dev pkg:apk/chainguard/bind-dnssec-root pkg:apk/chainguard/bind-dnssec-tools pkg:apk/chainguard/bind-doc pkg:apk/chainguard/bind-libs pkg:apk/chainguard/bind-plugins pkg:apk/chainguard/bind-tools pkg:apk/wolfi/bind pkg:apk/wolfi/bind-dev pkg:apk/wolfi/bind-dnssec-root pkg:apk/wolfi/bind-dnssec-tools pkg:apk/wolfi/bind-doc pkg:apk/wolfi/bind-libs pkg:apk/wolfi/bind-plugins pkg:apk/wolfi/bind-tools pkg:rpm/opensuse/bind&distro=openSUSE%20Leap%2015.1 pkg:rpm/opensuse/bind&distro=openSUSE%20Leap%2015.2 pkg:rpm/opensuse/bind&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/libuv&distro=openSUSE%20Leap%2015.1 pkg:rpm/opensuse/libuv&distro=openSUSE%20Leap%2015.2 pkg:rpm/opensuse/sysuser-tools&distro=openSUSE%20Leap%2015.1 pkg:rpm/opensuse/sysuser-tools&distro=openSUSE%20Leap%2015.2 pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP1 pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2 pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/bind&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/bind&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/sysuser-tools&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/sysuser-tools&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/sysuser-tools&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 pkg:rpm/suse/sysuser-tools&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 pkg:rpm/suse/sysuser-tools&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2 pkg:rpm/suse/sysuser-tools&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/sysuser-tools&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015
< 0+ 44 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 9.16.6-lp151.11.9.1
- (no CPE)range: < 9.16.6-lp152.14.3.1
- (no CPE)range: < 9.16.20-1.4
- (no CPE)range: < 1.18.0-lp151.3.3.1
- (no CPE)range: < 1.18.0-lp152.4.3.1
- (no CPE)range: < 2.0-lp151.4.3.1
- (no CPE)range: < 2.0-lp152.5.3.1
- (no CPE)range: < 9.16.6-12.32.1
- (no CPE)range: < 9.16.6-12.32.1
- (no CPE)range: < 9.16.6-12.32.1
- (no CPE)range: < 9.16.6-12.32.1
- (no CPE)range: < 9.16.6-12.32.1
- (no CPE)range: < 9.16.6-12.32.1
- (no CPE)range: < 9.11.22-3.22.1
- (no CPE)range: < 9.11.22-3.22.1
- (no CPE)range: < 9.16.6-12.32.1
- (no CPE)range: < 9.11.22-3.22.1
- (no CPE)range: < 9.11.22-3.22.1
- (no CPE)range: < 9.16.6-12.32.1
- (no CPE)range: < 9.11.22-3.22.1
- (no CPE)range: < 9.11.22-3.22.1
- (no CPE)range: < 9.11.22-3.22.1
- (no CPE)range: < 2.0-4.2.8
- (no CPE)range: < 2.0-4.2.8
- (no CPE)range: < 2.0-4.2.8
- (no CPE)range: < 2.0-4.2.8
- (no CPE)range: < 2.0-4.2.8
- (no CPE)range: < 2.0-4.2.8
- (no CPE)range: < 2.0-4.2.8
ISC/BIND9v5
Range: 9.9.12

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.htmlmitrevendor-advisoryx_refsource_SUSE
lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.htmlmitrevendor-advisoryx_refsource_SUSE
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE/mitrevendor-advisoryx_refsource_FEDORA
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP/mitrevendor-advisoryx_refsource_FEDORA
security.gentoo.org/glsa/202008-19mitrevendor-advisoryx_refsource_GENTOO
usn.ubuntu.com/4468-1/mitrevendor-advisoryx_refsource_UBUNTU
www.debian.org/security/2020/dsa-4752mitrevendor-advisoryx_refsource_DEBIAN
kb.isc.org/docs/cve-2020-8624mitrex_refsource_CONFIRM
security.netapp.com/advisory/ntap-20200827-0003/mitrex_refsource_CONFIRM
www.synology.com/security/advisory/Synology_SA_20_19mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000