===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2013.1129
        A number of vulnerabilities have been identified in BIND as
                            used by F5 Products
                              19 August 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           BIG-IP
Publisher:         F5
Operating System:  Network Appliance
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2013-4854 CVE-2012-5689 

Reference:         ESB-2013.1019
                   ESB-2013.0109

Original Bulletin: 
   http://support.f5.com/kb/en-us/solutions/public/14000/600/sol14601.html
   http://support.f5.com/kb/en-us/solutions/public/14000/600/sol14613.html

Comment: This bulletin contains two (2) F5 security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

sol14601: BIND vulnerability 
CVE-2012-5689 
Security Advisory

Original Publication Date: 08/15/2013

Description

ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain 
configurations involving DNS64 with a Response Policy Zone that lacks an AAAA
rewrite rule, allows remote attackers to cause a denial of service (assertion
failure and named daemon exit) by way of a query for an AAAA record.

BIG-IP configurations using DNS64 (the DNS IPv6 to IPv4 option configured in 
the DNS profile) and Response Policy Zone (RPZ) Rewriting together are 
affected by this CVE.

Note: Response Policy Zone (RPZ) Rewriting is an optional BIND 9.x 
configuration that allows administrators to create DNS blacklists.

Impact

Remote attackers may be able to cause a denial of service by making a query 
for an AAAA record.

Status

F5 Product Development has assigned ID 409587 (BIG-IP and Enterprise Manager)
to this vulnerability.

To determine if your release is known to be vulnerable, the components or 
features that are affected by the vulnerability, and for information about 
releases or hotfixes that address the vulnerability, refer to the following 
table:

Product                 Versions known to     Versions known to     Vulnerable
                        be vulnerable         be not vulnerable     component or feature

BIG-IP LTM              11.2.x - 11.4.0       9.0.0 - 9.6.1         BIND
                                              10.0.0 - 10.2.4
                                              11.0.0 - 11.1.0

BIG-IP AAM              None                  11.4.0                None

BIG-IP AFM              None                  11.3.0 - 11.4.0       None

BIG-IP Analytics        None                  11.0.0 - 11.4.0       None

BIG-IP APM              None                  10.1.0 - 10.2.4       None
                                              11.0.0 - 11.4.0

BIG-IP ASM              None                  9.2.0 - 9.4.8         None
                                              10.0.0 - 10.2.4
                                              11.0.0 - 11.4.0

BIG-IP Edge Gateway     None                  10.1.0 - 10.2.4       None
                                              11.0.0 - 11.4.0

BIG-IP GTM              11.2.x - 11.4.0       9.2.2 - 9.4.8         BIND
                                              10.0.0 - 10.2.4
                                              11.0.0 - 11.1.0

BIG-IP Link Controller  None                  9.2.2 - 9.4.8         None
                                              10.0.0 - 10.2.4
                                              11.0.0 - 11.4.0

BIG-IP PEM              None                  11.3.0 - 11.4.0       None

BIG-IP PSM              None                  9.4.5 - 9.4.8         None
                                              10.0.0 - 10.2.4
                                              11.0.0 - 11.4.0

BIG-IP WebAccelerator   None                  9.4.0 - 9.4.8         None
                                              10.0.0 - 10.2.4
                                              11.0.0 - 11.3.0

BIG-IP WOM              None                  10.0.0 - 10.2.4       None
                                              11.0.0 - 11.3.0

ARX                     None                  5.0.0 - 5.3.1         None
                                              6.0.0 - 6.4.0

Enterprise Manager      None                  1.6.0 - 1.8.0         None
                                              2.0.0 - 2.3.0
                                              3.0.0 - 3.1.1

FirePass                None                  6.0.0 - 6.1.0         None
                                              7.0.0

Recommended action

If using DNS64 and Response Policy Zones together, you can mitigate this 
vulnerability by verifying that the Response Policy Zone contains an AAAA 
rewrite rule for every A rewrite rule in the zone. If the RPZ provides an 
AAAA answer without the assistance of DNS64, the vulnerability is not 
triggered.
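The check above can be automated. The following is an added example, not F5's or ISC's code: it parses an RPZ zone and reports every owner name that has an A rewrite rule but no AAAA rule. It assumes a constructed sample zone (not from any real deployment) and a simplified zone-file syntax: one record per line, optional TTL and class fields, no multi-line parentheses.

```python
"""Flag A rewrite rules in an RPZ zone that have no matching AAAA rule.
Added example (not F5 or ISC code); parses a simplified one-record-per-line
subset of zone-file syntax with optional TTL/class and no parentheses."""

# Constructed sample RPZ zone, not taken from any real deployment.
SAMPLE_RPZ = """\
$TTL 300
@               IN SOA  rpz.example. hostmaster.rpz.example. (1 3600 600 86400 300)
                IN NS   localhost.
walled.example  IN A    192.0.2.10    ; A and AAAA both present: safe
walled.example  IN AAAA 2001:db8::10
blocked.example IN A    192.0.2.20    ; A with no AAAA: the unsafe case
evil.example    IN CNAME .            ; NXDOMAIN policy, needs no AAAA
"""

CLASSES = {"IN", "CH", "HS"}
RECORD_TYPES = {"A", "AAAA", "CNAME", "SOA", "NS", "TXT", "PTR", "MX"}

def parse_records(zone_text):
    """Yield (owner, rtype, rdata) for each single-line record."""
    last_owner = None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # strip comments
        if not line or line.startswith("$"):   # skip blanks and directives
            continue
        tokens = line.split()
        # A leading blank means "same owner as the previous record".
        if raw[0].isspace():
            owner = last_owner
        else:
            owner = tokens.pop(0)
            last_owner = owner
        # Skip the optional TTL and class fields before the type.
        while tokens and (tokens[0].isdigit() or tokens[0].upper() in CLASSES):
            tokens.pop(0)
        if not tokens or tokens[0].upper() not in RECORD_TYPES:
            continue
        yield owner, tokens[0].upper(), " ".join(tokens[1:])

def a_rules_without_aaaa(zone_text):
    """Return sorted owner names with an A rewrite rule but no AAAA rule."""
    a_owners, aaaa_owners = set(), set()
    for owner, rtype, _ in parse_records(zone_text):
        if rtype == "A":
            a_owners.add(owner.lower())
        elif rtype == "AAAA":
            aaaa_owners.add(owner.lower())
    return sorted(a_owners - aaaa_owners)
```

Any name the function returns is an owner for which DNS64 would have to synthesize the AAAA answer, which is the condition this advisory's mitigation asks you to eliminate.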

Note: For more information about Response Policy Zone (RPZ) Rewriting, refer 
to the following ISC document: Chapter 6. BIND 9 Configuration Reference. 
This link takes you to a resource outside of AskF5, and it is possible that 
the information may be removed without our knowledge.

Impact of action: None.

Supplemental Information

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5689

    Note: The previous link takes you to a resource outside of AskF5, and it 
    is possible that the information may be removed without our knowledge.

    SOL9970: Subscribing to email notifications regarding F5 products
    SOL9957: Creating a custom RSS feed to view new and updated documents.
    SOL4602: Overview of the F5 security vulnerability response policy
    SOL4918: Overview of the F5 critical issue hotfix policy
    SOL167: Downloading software and firmware from F5
    SOL13123: Managing BIG-IP product hotfixes (11.x)

-------------------------------------------------------------------------------

sol14613: BIND vulnerability
CVE-2013-4854
Security Advisory

Original Publication Date: 08/15/2013

Description

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 
9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 
before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a 
denial-of-service (DoS) through a query with a malformed RDATA section that is 
not properly handled during construction of a log message, as exploited in the 
wild in July 2013.

Impact

Remote attackers may be able to cause a DoS through a query with a malformed 
RDATA field.

Status

F5 Product Development has assigned ID 426341 (BIG-IP) to this vulnerability.

To determine if your release is known to be vulnerable, the components or 
features that are affected by the vulnerability, and for information about 
releases or hotfixes that address the vulnerability, refer to the following 
table:

Product                 Versions known to     Versions known to     Vulnerable
                        be vulnerable         be not vulnerable     component or feature

BIG-IP LTM              11.0.0 - 11.4.0       9.0.0 - 9.6.1         BIND
                                              10.0.0 - 10.2.4
                                              11.1.0 HF10
                                              11.2.1 HF9
                                              11.3.0 HF7
                                              11.4.0 HF3

BIG-IP AAM              11.4.0                11.4.0 HF3            BIND

BIG-IP AFM              11.3.0 - 11.4.0       11.3.0 HF7            BIND
                                              11.4.0 HF3

BIG-IP Analytics        11.0.0 - 11.4.0       11.1.0 HF10           BIND
                                              11.2.1 HF9
                                              11.3.0 HF7
                                              11.4.0 HF3

BIG-IP APM              11.0.0 - 11.4.0       10.1.0 - 10.2.4       BIND
                                              11.1.0 HF10
                                              11.2.1 HF9
                                              11.3.0 HF7
                                              11.4.0 HF3

BIG-IP ASM              11.0.0 - 11.4.0       9.2.0 - 9.4.8         BIND
                                              10.0.0 - 10.2.4
                                              11.1.0 HF10
                                              11.2.1 HF9
                                              11.3.0 HF7
                                              11.4.0 HF3

BIG-IP Edge Gateway     11.0.0 - 11.4.0       10.1.0 - 10.2.4       BIND
                                              11.1.0 HF10
                                              11.2.1 HF9
                                              11.3.0 HF7
                                              11.4.0 HF3

BIG-IP GTM              11.0.0 - 11.4.0       9.2.2 - 9.4.8         BIND
                                              10.0.0 - 10.2.4
                                              11.1.0 HF10
                                              11.2.1 HF9
                                              11.3.0 HF7
                                              11.4.0 HF3

BIG-IP Link Controller  11.0.0 - 11.4.0       9.2.2 - 9.4.8         BIND
                                              10.0.0 - 10.2.4
                                              11.1.0 HF10
                                              11.2.1 HF9
                                              11.3.0 HF7
                                              11.4.0 HF3

BIG-IP PEM              11.3.0 - 11.4.0       11.3.0 HF7            BIND
                                              11.4.0 HF3

BIG-IP PSM              11.0.0 - 11.4.0       9.4.5 - 9.4.8         BIND
                                              10.0.0 - 10.2.4
                                              11.1.0 HF10
                                              11.2.1 HF9
                                              11.3.0 HF7
                                              11.4.0 HF3

BIG-IP WebAccelerator   11.0.0 - 11.3.0       9.4.0 - 9.4.8         BIND
                                              10.0.0 - 10.2.4
                                              11.1.0 HF10
                                              11.2.1 HF9
                                              11.3.0 HF7

BIG-IP WOM              11.0.0 - 11.3.0       10.0.0 - 10.2.4       BIND
                                              11.1.0 HF10
                                              11.2.1 HF9
                                              11.3.0 HF7

ARX                     None                  5.0.0 - 5.3.1         None
                                              6.0.0 - 6.4.0

Enterprise Manager      None                  1.6.0 - 1.8.0         None
                                              2.0.0 - 2.3.0
                                              3.0.0 - 3.1.1

FirePass                None                  6.0.0 - 6.1.0         None
                                              7.0.0

Recommended action

None

Supplemental Information

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4854
    SOL9970: Subscribing to email notifications regarding F5 products
    SOL9957: Creating a custom RSS feed to view new and updated documents.
    SOL4602: Overview of the F5 security vulnerability response policy
    SOL4918: Overview of the F5 critical issue hotfix policy
    SOL167: Downloading software and firmware from F5
    SOL13123: Managing BIG-IP product hotfixes (11.x)

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================