Improper Access Control Affecting bind-export-libs package, versions <32:9.11.4-26.P2.el8


0.0
low

Snyk CVSS

    Attack Complexity High

    Threat Intelligence

    EPSS 0.07% (29th percentile)
Expand this section
NVD
5.3 medium
Expand this section
SUSE
5.3 medium
Expand this section
Red Hat
3.7 low

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-CENTOS8-BINDEXPORTLIBS-1999843
  • published 26 Jul 2021
  • disclosed 21 Feb 2019

How to fix?

Upgrade Centos:8 bind-export-libs to version 32:9.11.4-26.P2.el8 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream bind-export-libs package and not the bind-export-libs package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465.