===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2013.0180
        sol14201: Security Advisory: BIND denial-of-service attack
                              12 February 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           BIG-IP LTM
                   BIG-IP Analytics
                   BIG-IP APM
                   BIG-IP ASM
                   BIG-IP Edge Gateway
                   BIG-IP GTM
                   BIG-IP Link Controller
                   BIG-IP PSM
                   Enterprise Manager
Publisher:         F5
Operating System:  Network Appliance
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2012-5166 CVE-2012-4244

Reference:         ASB-2012.0147
                   ASB-2012.0145
                   ESB-2012.1108
                   ESB-2012.0974
                   ESB-2013.0143.2

Original Bulletin:
   http://support.f5.com/kb/en-us/solutions/public/14000/200/sol14201.html

--------------------------BEGIN INCLUDED TEXT--------------------

sol14201: Security Advisory: BIND denial-of-service attack
CVE-2012-5166 / CVE-2012-4244

Security Advisory

Original Publication Date: 02/11/2013

Description

A vulnerability exists in the BIND DNS server process that may allow a remote attacker to initiate a denial-of-service (DoS) attack against the DNS service.

Impact

DNS services may be unavailable and cause a failure in DNS resolution.

Status

F5 Product Development has assigned ID 400789 (BIG-IP and Enterprise Manager) to this vulnerability.

To find out whether F5 has determined that your release is vulnerable, and to obtain information about releases or hotfixes that resolve the vulnerability, refer to the following table:

Product                  Versions known to      Versions known to      Vulnerable component
                         be vulnerable          be not vulnerable      or feature
-----------------------  ---------------------  ---------------------  --------------------
BIG-IP LTM               9.0.0 - 9.6.1          10.2.4 HF5             BIND DNS server
                         10.0.0 - 10.2.4 HF4    11.2.0 HF3
                         11.0.0 - 11.2.0 HF2    11.2.1 HF2
                         11.2.1 - 11.2.1 HF1    11.3.0

BIG-IP AFM               None                   11.3.0                 None

BIG-IP Analytics         11.0.0 - 11.2.0 HF2    11.2.0 HF3             BIND DNS server
                         11.2.1 - 11.2.1 HF1    11.2.1 HF2
                                                11.3.0

BIG-IP APM               10.1.0 - 10.2.4 HF4    10.2.4 HF5             BIND DNS server
                         11.0.0 - 11.2.0 HF2    11.2.0 HF3
                         11.2.1 - 11.2.1 HF1    11.2.1 HF2
                                                11.3.0

BIG-IP ASM               9.2.0 - 9.4.8          10.2.4 HF5             BIND DNS server
                         10.0.0 - 10.2.4 HF4    11.2.0 HF3
                         11.0.0 - 11.2.0 HF2    11.2.1 HF2
                         11.2.1 - 11.2.1 HF1    11.3.0

BIG-IP Edge Gateway      10.1.0 - 10.2.4 HF4    10.2.4 HF5             BIND DNS server
                         11.0.0 - 11.2.0 HF2    11.2.0 HF3
                         11.2.1 - 11.2.1 HF1    11.2.1 HF2
                                                11.3.0

BIG-IP GTM               9.2.2 - 9.4.8          10.2.4 HF5             BIND DNS server
                         10.1.0 - 10.2.4 HF4    11.2.0 HF3
                         11.0.0 - 11.2.0 HF2    11.2.1 HF2
                         11.2.1 - 11.2.1 HF1    11.3.0

BIG-IP Link Controller   9.2.2 - 9.4.8          10.2.4 HF5             BIND DNS server
                         10.1.0 - 10.2.4 HF4    11.2.0 HF3
                         11.0.0 - 11.2.0 HF2    11.2.1 HF2
                         11.2.1 - 11.2.1 HF1    11.3.0

BIG-IP PEM               None                   11.3.0                 None

BIG-IP PSM               9.4.5 - 9.4.8          10.2.4 HF5             BIND DNS server
                         10.1.0 - 10.2.4 HF4    11.2.0 HF3
                         11.0.0 - 11.2.0 HF2    11.2.1 HF2
                         11.2.1 - 11.2.1 HF1    11.3.0

BIG-IP WebAccelerator    None                   9.4.0 - 9.4.8          None
                                                10.0.0 - 10.2.4
                                                11.0.0 - 11.3.0

BIG-IP WOM               None                   10.0.0 - 10.2.4        None
                                                11.0.0 - 11.3.0

ARX                      None                   5.0.0 - 5.3.1          None
                                                6.0.0 - 6.3.0

Enterprise Manager 1.6.0 - 1.8.0 3.1.0 BIND DNS server 2.0.0 - 2.3.0 3.0.0

FirePass                 None                   6.0.0 - 6.1.0          None
                                                7.0.0

Recommended action

To eliminate this vulnerability, upgrade to a version that is listed in the Versions known to be not vulnerable column in the previous table.

To mitigate this vulnerability, you can disable recursion of the DNS server.
To do so, perform the following procedure:

Impact of action: The BIG-IP system will not be able to perform recursive lookups and may cause DNS lookup failures. BIG-IP GTM functionality may be impacted.

 1. Log in to the BIG-IP system command line.

 2. Using a text editor, such as vi, edit the /var/named/etc/named.conf file.

 3. Add the following line to the options section:

        recursion no;

 4. Save the file.

 5. To load the new configuration, type the following command:

        rndc reload

Supplemental Information

CVE-2012-5166
CVE-2012-4244
SOL9970: Subscribing to email notifications regarding F5 products
SOL9957: Creating a custom RSS feed to view new and updated documents.
SOL4602: Overview of the F5 security vulnerability response policy
SOL4918: Overview of the F5 critical issue hotfix policy
SOL167: Downloading software and firmware from F5
SOL13123: Managing BIG-IP product hotfixes (11.x)
SOL10025: Managing BIG-IP product hotfixes (10.x)
SOL6845: Managing BIG-IP product hotfixes (9.x)
SOL9502: BIG-IP hotfix matrix

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content.
The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
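
One way to confirm that the recursion mitigation in the F5 procedure above is actually present in named.conf, as an added example (not part of the F5 advisory or the AusCERT bulletin). The function names and the sample configuration are hypothetical, and only the top-level options block is inspected.

```shell
# Added example: report the "recursion" statement in the top-level options
# block of a named.conf. Assumes quoted strings hold no braces or comment marks.
recursion_setting() {
    awk '
    BEGIN { depth = 0; in_opts = 0; in_c = 0; prev = ""; result = "unset" }
    {
        line = $0; out = ""
        while (line != "") {
            if (in_c) {                       # inside a /* ... */ comment
                i = index(line, "*/")
                if (i == 0) break
                line = substr(line, i + 2); in_c = 0
                continue
            }
            b = index(line, "/*"); s = match(line, /\/\/|#/)
            if (s && (!b || s < b)) { line = substr(line, 1, s - 1); b = 0 }
            if (!b) { out = out line; break }
            out = out substr(line, 1, b - 1) " "
            line = substr(line, b + 2); in_c = 1
        }
        gsub(/[{};]/, " & ", out)
        n = split(out, tok, /[ \t]+/)
        for (k = 1; k <= n; k++) {
            t = tok[k]
            if (t == "") continue
            if (t == "{") { depth++; if (prev == "options" && depth == 1) in_opts = 1 }
            else if (t == "}") { if (depth == 1) in_opts = 0; depth-- }
            else if (in_opts && depth == 1 && prev == "recursion") result = tolower(t)
            prev = t
        }
    }
    END { print result }' "$1"
}

# Succeeds only when recursion is explicitly off; BIND recurses by default,
# so "unset" is treated as not mitigated.
recursion_disabled() {
    case "$(recursion_setting "$1")" in
        no|false|0) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample configuration (not from a real BIG-IP system).
sample_conf() {
    printf '%s\n' 'options {' '    directory "/var/named";  // working dir' \
        '    /* recursion yes;' '       old setting */' \
        '    allow-query { any; };' '    recursion no;  # advisory mitigation' \
        '};' 'view "internal" { recursion yes; };'
}
```

Run `recursion_disabled /var/named/etc/named.conf` after `rndc reload`; a recursion statement inside a view block is not evaluated by this check and needs separate review.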