Severity: 4.3 MEDIUM
EPSS: 1.6% (top 18.09%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 21
Latest update: May 24

Description

In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, and 9.17.0 -> 9.17.3 (also 9.9.12-S1 -> 9.9.13-S1 and 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition), an attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (4 packages)

CVEListV5 | isc/bind9 | 9.9.12 | unspecified | +13
Debian | bind9 | < 1:9.16.6-1 | +3
NVD | isc/bind | 9.9.12 | 9.9.13 | +8
NVD | opensuse/leap | 15.1, 15.2 | +1

Also affects: Debian Linux 10.0, Fedora 31, 32, Ubuntu Linux 16.04, 18.04, 20.04

🔴 Vulnerability Details (3)

GHSA: GHSA-qgv6-6x66-mr9j: In BIND 9 (2022-05-24)
OSV: CVE-2020-8624: In BIND 9 (2020-08-21)
CVEList: update-policy rules of type "subdomain" are enforced incorrectly (2020-08-21)

📋 Vendor Advisories (4)

Ubuntu: Bind vulnerabilities (2020-08-21)
Red Hat: bind: incorrect enforcement of update-policy rules of type "subdomain" (2020-08-20)
Microsoft: update-policy rules of type "subdomain" are enforced incorrectly (2020-08-11)
Debian: CVE-2020-8624: bind9 - In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5,... (2020)

💬 Community (2)

Bugzilla: CVE-2020-8624 bind: update-policy" rules of type "subdomain" were enforced incorrectly [fedora-all] (2020-08-21)
Bugzilla: CVE-2020-8624 bind: incorrect enforcement of update-policy rules of type "subdomain" (2020-08-18)