In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zones content could abuse these unintended additional privileges to update other contents of the zone.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Bind | Isc | 9.9.12 (including) | 9.9.13 (including) |
| Bind | Isc | 9.10.7 (including) | 9.10.8 (including) |
| Bind | Isc | 9.11.3 (including) | 9.11.21 (including) |
| Bind | Isc | 9.12.1 (including) | 9.16.5 (including) |
| Bind | Isc | 9.17.0 (including) | 9.17.3 (including) |
| Red Hat Enterprise Linux 7 | RedHat | bind-32:9.11.4-26.P2.el7_9.2 | * |
| Red Hat Enterprise Linux 7.7 Extended Update Support | RedHat | bind-32:9.11.4-9.P2.el7_7.3 | * |
| Red Hat Enterprise Linux 8 | RedHat | bind-32:9.11.20-5.el8 | * |
| Red Hat Enterprise Linux 8 | RedHat | bind-32:9.11.20-5.el8 | * |
| Bind9 | Ubuntu | bionic | * |
| Bind9 | Ubuntu | devel | * |
| Bind9 | Ubuntu | focal | * |
| Bind9 | Ubuntu | trusty | * |