===========================================================================
AUSCERT Security Bulletin

ASB-2012.0147
A denial of service vulnerability has been fixed in F5 BIG-IP 11.2.1 HF1
26 October 2012
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              F5 BIG-IP
Operating System:     Network Appliance
Impact/Access:        Denial of Service -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2012-4244
Member content until: Sunday, November 25 2012
Reference:            ESB-2012.0871

OVERVIEW

F5 BIG-IP 11.2.1 HF (Hotfix) 1 has been released. [1]

IMPACT

HF 1 addresses a number of issues, in particular it includes a fix for a
BIND denial of service vulnerability. [1]

As per the original ISC bulletin:

"This vulnerability can be exploited remotely against recursive servers
by inducing them to query for records provided by an authoritative
server. It affects authoritative servers if a zone containing this type
of resource record is loaded from file or provided via zone transfer." [2]

MITIGATION

All customers should install the hotfix. [1]

REFERENCES

[1] SOL13974: BIG-IP cumulative hotfix version 11.2.1
    http://support.f5.com/kb/en-us/solutions/public/13000/900/sol13974.html?ref=rss

[2] ESB-2012.0871 - [Win][UNIX/Linux] BIND: Denial of service -
    Remote/unauthenticated
    https://auscert.org.au/16324

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================