ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via malformed options data in an OPT resource record. (CVE-2016-2848)
Impact
A remote attacker may be able to cause a denial-of-service (DoS) attack on the BIG-IP system’s local instance of BIND by using a specially-crafted DNS request in configurations that expose BIND to requests from untrusted users. If the BIND process (named) terminates or stops responding, the**bigstart **process automatically restarts the impacted daemon.Note: The default BIND configuration is vulnerable. However, if a BIG-IP DNS/GTM configuration object in the DNS/GTM resolution hierarchy can provide an appropriate answer before the DNS query reaches the local BIND instance on the BIG-IP system, then the chance of local BIND being exposed to this vulnerability is decreased.
CPE | Name | Operator | Version |
---|---|---|---|
big-ip afm | eq | 11.4.0 | |
big-ip afm | eq | 11.4.1 | |
big-ip afm | eq | 11.5.0 | |
big-ip afm | eq | 11.5.1 | |
big-ip afm | eq | 11.5.2 | |
big-ip afm | eq | 11.5.3 | |
big-ip afm | eq | 11.5.4 | |
big-ip afm | eq | 11.6.0 | |
big-ip afm | eq | 11.6.1 | |
big-ip afm | eq | 12.0.0 |