Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2013.1129 A number of vulnerabilities have been identified in BIND as used by F5 Products 19 August 2013 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: BIG-IP Publisher: F5 Operating System: Network Appliance Impact/Access: Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2013-4854 CVE-2012-5689 Reference: ESB-2013.1019 ESB-2013.0109 Original Bulletin: http://support.f5.com/kb/en-us/solutions/public/14000/600/sol14601.html http://support.f5.com/kb/en-us/solutions/public/14000/600/sol14613.html Comment: This bulletin contains two (2) F5 security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- sol14601: BIND vulnerability CVE-2012-5689 Security Advisory Original Publication Date: 08/15/2013 Description ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) by way of a query for an AAAA record. BIG-IP configurations using DNS64 (the DNS IPv6 to IPv4 option configured in the DNS profile) and Response Policy Zone (RPZ) Rewriting together are affected by this CVE. Note: Response Policy Zone (RPZ) Rewriting is an optional BIND 9.x configuration that allows administrators to create DNS blacklists. Impact Remote attackers may be able to cause a denial of service attack by making a query for an AAAA record. Status F5 Product Development has assigned ID 409587 (BIG-IP and Enterprise Manager) to this vulnerability. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table: Product Versions known to Versions known to Vulnerable be vulnerable be not vulnerable component or feature BIG-IP LTM 11.2.x - 11.4.0 9.0.0 - 9.6.1 BIND 10.0.0 - 10.2.4 11.0.0 - 11.1.0 BIG-IP AAM None 11.4.0 None BIG-IP AFM None 11.3.0 - 11.4.0 None BIG-IP Analytics None 11.0.0 - 11.4.0 None BIG-IP APM None 10.1.0 - 10.2.4 11.0.0 - 11.4.0 None BIG-IP ASM None 9.2.0 - 9.4.8 10.0.0 - 10.2.4 11.0.0 - 11.4.0 None BIG-IP Edge Gateway None 10.1.0 - 10.2.4 11.0.0 - 11.4.0 None BIG-IP GTM 11.2.x - 11.4.0 9.2.2 - 9.4.8 10.0.0 - 10.2.4 11.0.0 - 11.1.0 BIND BIG-IP Link Controller None 9.2.2 - 9.4.8 10.0.0 - 10.2.4 11.0.0 - 11.4.0 None BIG-IP PEM None 11.3.0 - 11.4.0 None BIG-IP PSM None 9.4.5 - 9.4.8 10.0.0 - 10.2.4 11.0.0 - 11.4.0 None BIG-IP WebAccelerator None 9.4.0 - 9.4.8 10.0.0 - 10.2.4 11.0.0 - 11.3.0 None BIG-IP WOM None 10.0.0 - 10.2.4 11.0.0 - 11.3.0 None ARX None 5.0.0 - 5.3.1 6.0.0 - 6.4.0 None Enterprise Manager None 1.6.0 - 1.8.0 2.0.0 - 2.3.0 3.0.0 - 3.1.1 None FirePass None 6.0.0 - 6.1.0 7.0.0 None Recommended action If using DNS64 and Response Policy Zones together, you can mitigate this vulnerability by verifying that the Response Policy Zone contains an AAAA rewrite rule for every A rewrite rule in the zone. If the RPZ provides an AAAA answer without the assistance of DNS64, the vulnerability is not triggered. Note: For more information about Response Policy Zone (RPZ) Rewriting, refer to the following ISC document: Chapter 6. BIND 9 Configuration Reference. This link takes you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge. Impact of action: None. Supplemental Information http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5689 Note: The previous link takes you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge. SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue hotfix policy SOL167: Downloading software and firmware from F5 SOL13123: Managing BIG-IP product hotfixes (11.x) - ------------------------------------------------------------------------------- sol14613: BIND vulnerability CVE-2013-4854 Security AdvisorySecurity Advisory Original Publication Date: 08/15/2013 Description The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial-of-service (DoS) through a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013. Impact Remote attackers may be able to cause a DoS through a query with a malformed RDATA field. Status F5 Product Development has assigned ID 426341 (BIG-IP) to this vulnerability. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table: Product Versions known to Versions known to Vulnerable be vulnerable be not vulnerable component or feature BIG-IP LTM 11.0.0 - 11.4.0 9.0.0 - 9.6.1 10.0.0 - 10.2.4 11.1.0 HF10 11.2.1 HF9 11.3.0 HF7 11.4.0 HF3 BIND BIG-IP AAM 11.4.0 11.4.0 HF3 BIND BIG-IP AFM 11.3.0 - 11.4.0 11.3.0 HF7 11.4.0 HF3 BIND BIG-IP Analytics 11.0.0 - 11.4.0 11.1.0 HF10 11.2.1 HF9 11.3.0 HF7 11.4.0 HF3 BIND BIG-IP APM 11.0.0 - 11.4.0 10.1.0 - 10.2.4 11.1.0 HF10 11.2.1 HF9 11.3.0 HF7 11.4.0 HF3 BIND BIG-IP ASM 11.0.0 - 11.4.0 9.2.0 - 9.4.8 10.0.0 - 10.2.4 11.1.0 HF10 11.2.1 HF9 11.3.0 HF7 11.4.0 HF3 BIND BIG-IP Edge Gateway 11.0.0 - 11.4.0 10.1.0 - 10.2.4 11.1.0 HF10 11.2.1 HF9 11.3.0 HF7 11.4.0 HF3 BIND BIG-IP GTM 11.0.0 - 11.4.0 9.2.2 - 9.4.8 10.0.0 - 10.2.4 11.1.0 HF10 11.2.1 HF9 11.3.0 HF7 11.4.0 HF3 BIND BIG-IP Link Controller 11.0.0 - 11.4.0 9.2.2 - 9.4.8 10.0.0 - 10.2.4 11.1.0 HF10 11.2.1 HF9 11.3.0 HF7 11.4.0 HF3 BIND BIG-IP PEM 11.3.0 - 11.4.0 11.3.0 HF7 11.4.0 HF3 BIND BIG-IP PSM 11.0.0 - 11.4.0 9.4.5 - 9.4.8 10.0.0 - 10.2.4 11.1.0 HF10 11.2.1 HF9 11.3.0 HF7 11.4.0 HF3 BIND BIG-IP WebAccelerator 11.0.0 - 11.3.0 9.4.0 - 9.4.8 10.0.0 - 10.2.4 11.1.0 HF10 11.2.1 HF9 11.3.0 HF7 BIND BIG-IP WOM 11.0.0 - 11.3.0 10.0.0 - 10.2.4 11.1.0 HF10 11.2.1 HF9 11.3.0 HF7 BIND ARX None 5.0.0 - 5.3.1 6.0.0 - 6.4.0 None Enterprise Manager None 1.6.0 - 1.8.0 2.0.0 - 2.3.0 3.0.0 - 3.1.1 None FirePass None 6.0.0 - 6.1.0 7.0.0 None Recommended action None Supplemental Information http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4854 SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue hotfix policy SOL167: Downloading software and firmware from F5 SOL13123: Managing BIG-IP product hotfixes (11.x) - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBUhGjixLndAQH1ShLAQLLyg/+ND3lfJrMqBTC9rfT+Lj2BVzxIWeGhBJX cENQjggjifJtV2zuCDuKBgQavlsyaprXRPmb6cE8VhOmEAXVJ11YhRpwIHSLMRTK srrdpSG/X4AiT/5GrqweTCDgj6VqXNorz34BaZ/vg3zkw6UaypK27zPOxWHuHjDe YHKf9S/8QVVshBc616ovWTHP3DlkBNBxnGfRoALgNNlvBTRFyUCpEpbqUzUsX+7B y9sjPo8TZHw0orkw/5+vhI2lIPWqskbn5Lu2tsc0yUKIJI6zS43tfjBmNRUT6QSA 6f79ESFBrzXVA6EZbc1uBOXI1ELz62D4LBK4aeIVkVrIoeouByBqwAOM8VDz2ezu soNMF4YAuHlcoPf17kPT9Rd6dWC+5VroF5L438oQkXqVqtvna4SecW/2g7mYMapL tOWk8kTbK4YJtitrIJ1pTahp6gvFpBwbdX3bua1+ASfEzbKvbO3Ur8/1G13OJhpE 67MwhTUqXZxd6w4ZFmMyHDyOdGXUmnxeOHPzY7X0dQoqw4zOCBI7LSs9RSPgiWIQ QPc6lMQ4vcHxLguuGt+a270mexl4XeCUH0SZDFqwgdWtoT1aILQRDsN5flcApSLr j7OG72Tx3gcNN37DQw+S+pFVjkrt9Lm0QqzZ0FDWaBo269Rn6KII+eGoEI5N4Mg/ RpmxY34Y2b8= =aYne -----END PGP SIGNATURE-----