Lucene search

K
f5F5F5:K12567
HistoryJul 03, 2013 - 12:00 a.m.

K12567 : BIND vulnerability CVE-2010-3614

2013-07-0300:00:00
my.f5.com
13

6 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.023 Low

EPSS

Percentile

88.7%

Security Advisory Description

Note: For information about signing up to receive security notice updates from F5, refer to K9970: Subscribing to email notifications regarding F5 products.

Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about F5’s security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F5 security vulnerability response policy.

F5 products and versions that have been evaluated for this Security Advisory

Product Affected Not Affected
BIG-IP LTM None *9.0.0 - 9.4.8
*10.0.0 - 10.2.1
10.2.1 HF1
10.2.2 - 10.2.4
11.x

BIG-IP GTM| None| *9.2.2 - 9.4.8
*10.0.0 - 10.2.1
10.2.1 HF1
10.2.2 - 10.2.4
11.x
BIG-IP ASM| None| *9.2.0 - 9.4.8
*10.0.0 - 10.2.1
10.2.1 HF1
10.2.2 - 10.2.4
11.x
BIG-IP Link Controller| None| *9.2.2 - 9.4.8
*10.0.0 - 10.2.1
10.2.1 HF1
10.2.2 - 10.2.4
11.x
BIG-IP WebAccelerator| None| *9.4.0 - 9.4.8
*10.0.0 - 10.2.1
10.2.1 HF1
10.2.2 - 10.2.4
11.x

BIG-IP PSM| None| *9.4.5 - 9.4.8
*10.0.0 - 10.2.1
10.2.1 HF1
10.2.2 - 10.2.4
11.x

BIG-IP WOM| None| *10.0.0 - 10.2.1
10.2.1 HF1
10.2.2 - 10.2.4
11.x

BIG-IP APM| None| *10.1.0 - 10.2.1
10.2.1 HF1
10.2.2 - 10.2.4
11.x

BIG-IP Edge Gateway| None| *10.1.0 - 10.2.1
10.2.1 HF1
10.2.2 - 10.2.4
11.x

BIG-IP Analytics| None| 11.x
BIG-IP AFM| None
| 11.x

BIG-IP PEM
| None
| 11.x

BIG-IP AAM| None| 11.x
FirePass| None| 5.x
6.x
7.x
Enterprise Manager| None| *1.0.0 - 2.3.0
3.x
ARX| None| 2.x
3.x
4.x
5.x
6.x

  • F5 Product Development has determined that these BIG-IP and Enterprise Manager versions use a vulnerable version of BIND. However, the vulnerable code is not used by default on these BIG-IP or Enterprise Manager systems.

This security advisory describes a BIND vulnerability.

For information about this advisory, refer to the Common Vulnerabilities and Exposures website at the following location:

Note: This link takes you to a resource outside of AskF5, and it is possible that the documents may be removed without our knowledge.

<https://vulners.com/cve/CVE-2010-3614&gt;

F5 Product Development tracked an update to a version of BIND which mitigates this vulnerability, as ID 345944 and it was fixed in BIG-IP 10.2.2. BIND was updated to a non-vulnerable version in BIG-IP 10.2.1 HF1. You may download the 10.2.1 HF1 hotfix or later versions of the hotfix from the F5 Downloads site.

In addition, BIG-IP iHealth may list Heuristic H383256 on the Diagnostics > Identified > Medium screen.

For a list of the latest available hotfixes, refer to K9502: BIG-IP hotfix matrix.

For information about the F5 hotfix policy, refer to K4918: Overview of the F5 critical issue hotfix policy.

For information about how to manage F5 product hotfixes, refer to K6845: Managing F5 product hotfixes.

For information about installing version 10.x hotfixes, refer to in K10025: Managing F5 product hotfixes for BIG-IP 10.x systems.

6 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.023 Low

EPSS

Percentile

88.7%