-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2013.0202
                     BIND vulnerability CVE-2011-4313
                             14 February 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           BIG-IP LTM
                   BIG-IP APM
                   BIG-IP ASM
                   BIG-IP Edge Gateway
                   BIG-IP GTM
                   BIG-IP Link Controller
                   BIG-IP PSM
                   BIG-IP WebAccelerator
                   BIG-IP WOM
Publisher:         F5
Operating System:  Network Appliance
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2011-4313

Reference:         ASB-2012.0171
                   ASB-2012.0093
                   ESB-2012.0899
                   ASB-2011.0108
                   ASB-2011.0102
                   ESB-2011.1182
                   ASB-2011.0110.2

Original Bulletin:
   http://support.f5.com/kb/en-us/solutions/public/14000/200/sol14204.html

- --------------------------BEGIN INCLUDED TEXT--------------------

sol14204: BIND vulnerability CVE-2011-4313

Security Advisory

Original Publication Date: 02/12/2013

Description

ISC reports that query.c in BIND may allow remote attackers to cause a
denial-of-service (assertion failure and named exit). The vulnerability uses
unknown vectors related to recursive DNS queries, error logging, and the
caching of an invalid record by the resolver.

The affected versions of BIND are as follows:

   9.0.x through 9.6.x
   9.4-ESV through 9.4-ESV-R5
   9.6-ESV through 9.6-ESV-R5
   9.7.0 through 9.7.4
   9.8.0 through 9.8.1
   9.9.0a1 through 9.9.0b1

Impact

This issue may cause recursive name servers to crash. This issue may affect
BIG-IP systems in which BIND is configured as a recursive name server.

Status

F5 Product Development has assigned ID 372590 to this vulnerability.
To find out whether F5 has determined that your release is vulnerable, and to
obtain information about releases or hotfixes that resolve the vulnerability,
refer to the following table:

Product                  Versions known to     Versions known to     Vulnerable component
                         be vulnerable         be not vulnerable     or feature

BIG-IP LTM               9.4.0 - 9.4.8 HF4     9.4.8 HF5             BIND
                         10.0.0 - 10.2.3       10.2.1 HF4
                         11.0.0 - 11.1.0       10.2.2 HF4
                                               10.2.3 HF1
                                               10.2.4
                                               11.1.0 HF1
                                               11.2.x
                                               11.3.x

BIG-IP AFM               None                  11.x                  None

BIG-IP Analytics         None                  11.x                  None

BIG-IP APM               10.1.0 - 10.2.3       10.2.1 HF4            BIND
                         11.0.0 - 11.1.0       10.2.2 HF4
                                               10.2.3 HF1
                                               10.2.4
                                               11.1.0 HF1
                                               11.2.x
                                               11.3.x

BIG-IP ASM               9.4.0 - 9.4.8 HF4     9.4.8 HF5             BIND
                         10.0.0 - 10.2.3       10.2.1 HF4
                         11.0.0 - 11.1.0       10.2.2 HF4
                                               10.2.3 HF1
                                               10.2.4
                                               11.1.0 HF1
                                               11.2.x
                                               11.3.x

BIG-IP Edge Gateway      10.1.0 - 10.2.3       10.2.1 HF4            BIND
                         11.0.0 - 11.1.0       10.2.2 HF4
                                               10.2.3 HF1
                                               10.2.4
                                               11.1.0 HF1
                                               11.2.x
                                               11.3.x

BIG-IP GTM               9.4.0 - 9.4.8 HF4     9.4.8 HF5             BIND
                         10.0.0 - 10.2.3       10.2.1 HF4
                         11.0.0 - 11.1.0       10.2.2 HF4
                                               10.2.3 HF1
                                               10.2.4
                                               11.1.0 HF1
                                               11.2.x
                                               11.3.x

BIG-IP Link Controller   9.4.0 - 9.4.8 HF4     9.4.8 HF5             BIND
                         10.0.0 - 10.2.3       10.2.1 HF4
                         11.0.0 - 11.1.0       10.2.2 HF4
                                               10.2.3 HF1
                                               10.2.4
                                               11.1.0 HF1
                                               11.2.x
                                               11.3.x

BIG-IP PEM               None                  11.x                  None

BIG-IP PSM               9.4.5 - 9.4.8 HF4     9.4.8 HF5             BIND
                         10.0.0 - 10.2.3       10.2.1 HF4
                         11.0.0 - 11.1.0       10.2.2 HF4
                                               10.2.3 HF1
                                               10.2.4
                                               11.1.0 HF1
                                               11.2.x
                                               11.3.x

BIG-IP WebAccelerator    9.4.0 - 9.4.8 HF4     9.4.8 HF5             BIND
                         10.0.0 - 10.2.3       10.2.1 HF4
                         11.0.0 - 11.1.0       10.2.2 HF4
                                               10.2.3 HF1
                                               10.2.4
                                               11.1.0 HF1
                                               11.2.x
                                               11.3.x

BIG-IP WOM               10.0.0 - 10.2.3       10.2.1 HF4            BIND
                         11.0.0 - 11.1.0       10.2.2 HF4
                                               10.2.3 HF1
                                               10.2.4
                                               11.1.0 HF1
                                               11.2.x
                                               11.3.x

ARX                      None                  5.x                   None
                                               6.x

Enterprise Manager       None                  1.0.0 - 1.8.0*        None
                                               2.0.0 - 2.3.0*
                                               3.x

FirePass                 None                  6.x                   None
                                               7.x

* F5 Product Development has determined that these Enterprise Manager versions
use a vulnerable version of BIND. However, the vulnerable code is not used by
default on these Enterprise Manager systems. These products are only
vulnerable if BIND was manually configured and enabled.
Recommended action

To eliminate this vulnerability, upgrade to a version that is listed in the
Versions known to be not vulnerable column in the previous table.

Supplemental Information

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313
   http://www.isc.org/software/bind/advisories/cve-2011-4313
   SOL9970: Subscribing to email notifications regarding F5 products
   SOL9957: Creating a custom RSS feed to view new and updated documents.
   SOL4602: Overview of the F5 security vulnerability response policy
   SOL4918: Overview of the F5 critical issue hotfix policy
   SOL167: Downloading software and firmware from F5
   SOL13123: Managing BIG-IP product hotfixes (11.x)
   SOL10025: Managing BIG-IP product hotfixes (10.x)
   SOL6845: Managing BIG-IP product hotfixes (9.x)
   SOL9502: BIG-IP hotfix matrix

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made.
If downloading at a later date, it is recommended that the bulletin is
retrieved directly from the author's website to ensure that the information
is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----