Oct 27, 2016 - 12:00 a.m.

K01471335 : BIND vulnerability CVE-2016-2848

my.f5.com

AI Score: 7.2 High (Confidence: High)

EPSS: 0.242 Low (Percentile: 96.6%)

Security Advisory Description

ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via malformed options data in an OPT resource record. (CVE-2016-2848)

Impact

A remote attacker may be able to cause a denial-of-service (DoS) attack on the BIG-IP system’s local instance of BIND by using a specially-crafted DNS request in configurations that expose BIND to requests from untrusted users. If the BIND process (named) terminates or stops responding, the **bigstart** process automatically restarts the impacted daemon.

Note: The default BIND configuration is vulnerable. However, if a BIG-IP DNS/GTM configuration object in the DNS/GTM resolution hierarchy can provide an appropriate answer before the DNS query reaches the local BIND instance on the BIG-IP system, then the chance of local BIND being exposed to this vulnerability is decreased.
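
The CVE text above names malformed options data in an OPT resource record but does not say which malformation triggers the assertion. As an added example (not F5 or ISC code; the function and status names are assumptions of this example), the following C shows the RFC 6891 option layout and a bounds-checked walk that reports malformed data as an error code instead of aborting the process.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes (names are this example's own, not BIND's). */
enum opt_status { OPT_OK = 0, OPT_TRUNCATED_HEADER = -1, OPT_LENGTH_OVERRUN = -2 };

/*
 * Walk the RDATA of an OPT record as laid out in RFC 6891:
 *   OPTION-CODE (2 bytes, big-endian) | OPTION-LENGTH (2 bytes) | OPTION-DATA
 * repeated until the RDATA is used up. Every length is checked against the
 * bytes that remain, and a bad record yields an error code the caller can
 * turn into FORMERR; nothing here aborts the process.
 */
static enum opt_status opt_rdata_check(const uint8_t *rdata, size_t rdlen,
                                       size_t *n_options)
{
    size_t off = 0, count = 0;

    while (off < rdlen) {
        if (rdlen - off < 4)              /* no room for code + length */
            return OPT_TRUNCATED_HEADER;
        size_t optlen = ((size_t)rdata[off + 2] << 8) | rdata[off + 3];
        off += 4;
        if (optlen > rdlen - off)         /* option claims more than is left */
            return OPT_LENGTH_OVERRUN;
        off += optlen;
        count++;
    }
    if (n_options != NULL)
        *n_options = count;
    return OPT_OK;
}

int main(void)
{
    /* Constructed sample RDATA, not captured traffic. */
    static const uint8_t good[] = { 0x00, 0x0a, 0x00, 0x02, 0xaa, 0xbb };
    static const uint8_t over[] = { 0x00, 0x0a, 0x00, 0x08, 0xaa, 0xbb };
    size_t n = 0;

    printf("good: %d\n", opt_rdata_check(good, sizeof good, &n));
    printf("over: %d\n", opt_rdata_check(over, sizeof over, &n));
    return 0;
}
```

A resolver front end or test harness can apply the same check to OPT RDATA before handing a query to a backend, answering FORMERR when the result is not `OPT_OK`.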