Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2013.0620 sol14386: BIND vulnerability CVE-2013-2266 2 May 2013 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: BIG-IP LTM BIG-IP AFM BIG-IP Analytics BIG-IP APM BIG-IP ASM BIG-IP Edge Gateway BIG-IP GTM BIG-IP Link Controller BIG-IP PEM BIG-IP PSM BIG-IP WebAccelerator BIG-IP WOM Enterprise Manager Publisher: F5 Operating System: Network Appliance Impact/Access: Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2013-2266 Reference: ESB-2013.0613 ESB-2013.0573 ESB-2013.0463 ESB-2013.0455 ESB-2013.0453 ESB-2013.0440 Original Bulletin: http://support.f5.com/kb/en-us/solutions/public/14000/300/sol14386.html - --------------------------BEGIN INCLUDED TEXT-------------------- sol14386: BIND vulnerability CVE-2013-2266 Security Advisory Original Publication Date: 05/01/2013 Description libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process. Impact A maliciously crafted regular expression can be used to invoke a denial of service attack against affected versions of BIND that result in memory consumption. Status F5 Product Development has assigned ID 416636 (BIG-IP) and ID 417643 (Enterprise Manager) to this vulnerability. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table: Product Versions known to be Versions known to be Vulnerable vulnerable not vulnerable component or feature BIG-IP LTM 11.0.0 - 11.3.0 9.0.0 - 9.6.1 BIND 10.0.0 - 10.2.4 11.1.0 HF7 11.2.0 HF5 11.2.1 HF5 11.3.0 HF4 BIG-IP AFM 11.3.0 11.3.0 HF4 BIND BIG-IP Analytics 11.0.0 - 11.3.0 11.1.0 HF7 BIND 11.2.0 HF5 11.2.1 HF5 11.3.0 HF4 BIG-IP APM 11.0.0 - 11.3.0 10.1.0 - 10.2.4 BIND 11.1.0 HF7 11.2.0 HF5 11.2.1 HF5 11.3.0 HF4 BIG-IP ASM 11.0.0 - 11.3.0 9.2.0 - 9.4.8 BIND 10.0.0 - 10.2.4 11.1.0 HF7 11.2.0 HF5 11.2.1 HF5 11.3.0 HF4 BIG-IP Edge Gateway 11.0.0 - 11.3.0 10.1.0 - 10.2.4 BIND 11.1.0 HF7 11.2.0 HF5 11.2.1 HF5 11.3.0 HF4 BIG-IP GTM 11.0.0 - 11.3.0 9.2.2 - 9.4.8 BIND 10.0.0 - 10.2.4 11.1.0 HF7 11.2.0 HF5 11.2.1 HF5 11.3.0 HF4 BIG-IP Link Controller 11.0.0 - 11.3.0 9.2.2 - 9.4.8 BIND 10.0.0 - 10.2.4 11.1.0 HF7 11.2.0 HF5 11.2.1 HF5 11.3.0 HF4 BIG-IP PEM 11.3.0 11.3.0 HF4 BIND BIG-IP PSM 11.0.0 - 11.3.0 9.4.5 - 9.4.8 BIND 10.0.0 - 10.2.4 11.1.0 HF7 11.2.0 HF5 11.2.1 HF5 11.3.0 HF4 BIG-IP WebAccelerator 11.0.0 - 11.3.0 9.4.0 - 9.4.8 BIND 10.0.0 - 10.2.4 11.1.0 HF7 11.2.0 HF5 11.2.1 HF5 11.3.0 HF4 BIG-IP WOM 11.0.0 - 11.3.0 10.0.0 - 10.2.4 BIND 11.1.0 HF7 11.2.0 HF5 11.2.1 HF5 11.3.0 HF4 ARX None 5.0.0 - 5.3.1 None 6.0.0 - 6.3.0 Enterprise Manager 3.0.0 - 3.1.0 1.6.0 - 1.8.0 BIND 2.0.0 - 2.3.0 FirePass None 6.0.0 - 6.1.0 None 7.0.0 Recommended action To eliminate this vulnerability, upgrade to a version that is listed in the Versions known to be not vulnerable column in the table. Supplemental Information http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266 SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue hotfix policy SOL167: Downloading software and firmware from F5 SOL13123: Managing BIG-IP product hotfixes (11.x) SOL9502: BIG-IP hotfix matrix - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBUYIVdu4yVqjM2NGpAQKTPBAAgrJyxzxSZOyfGl+xO8aMhl6iEGOqK/pq FLDLgyt/a7bG/ZxX4Y0gtRAAaV5Bq6d2ZIEOh44tR+wM6o14/h9DCLs+6+sLiohM KdxV/XpKQuhud3wkTpwouaGbzVF0Akea1zfHiueQQAEsVmsbo5A6VeWDhhSX8SuI KH70xJLTQkIzpEiKI0+YzrwI7SQXub+3NZdRecxbYVvyyhJ3UVyk8Hcl/ODhSnIz vHHW9bdfY/Dn6CmnGrQm+QmrR151mIMkV9LIS/rOx3B3/2h5SnXCppVtciFqgWvg K7GEowICpukdV4i3n1Gobte1OhKSsr8YKzk736nuWO5YHqMoktq+RdKdIb1Wr2h9 ZQ9ECfNzqWnrPqodKzBL/oCy7KrkdsmCQXEMRdrf8hXpGfqfgiAtKWOk1/vdNIHk Cwg50MZTbay7Udt1MWHg2syDzZJCYNtgF1AdqnB9iFDNfZKrl03JT9RdAU69LVWS S4dFkpbRtD/7245dn+ar0UgVNn6qM5U5c1IYtjIbn3plAOM/UIUlMVKJxC4oLRt+ kycgidCWsQ+Q7zJFtqtXh052/wDMwZDZSjr3dbU9HRj55jo42UFpU87ze6LCh1Wg 4+YS8qeJ6WfVdbWF9prpByXE++gR8VpeMMbw4vpfHQFqWNCHM7IzFoYLAd2UYeIg ua8J76NdIJk= =YEco -----END PGP SIGNATURE-----