F5F5:K16356K16356 : BIND vulnerability CVE-2015-1349
6.4 Medium
AI Score
Confidence
Low
5.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:N/I:N/A:C
0.069 Low
EPSS
Percentile
93.3%
Security Advisory Description
named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use. (CVE-2015-1349)
Impact
This vulnerability can only be exploited if you explicitly enable DNSSEC validation and managed-keys features in the BIND configuration. The default BIND configuration on a BIG-IP system does not have these features enabled and is not vulnerable. When exploited, the remote attacker may be able to cause the named process to exit or crash, resulting in a denial of service (DoS).
Note: The BIG-IP DNSSEC feature does not use BIND code and is not vulnerable.
| CPE | Name | Operator | Version |
|---|---|---|---|
| big-ip afm | eq | 11.3.0 | |
| big-ip afm | eq | 11.4.0 | |
| big-ip afm | eq | 11.4.1 | |
| big-ip afm | eq | 11.5.0 | |
| big-ip afm | eq | 11.5.1 | |
| big-ip afm | eq | 11.5.2 | |
| big-ip afm | eq | 11.5.3 | |
| big-ip afm | eq | 11.6.0 | |
| big-ip afm | eq | 12.0.0 | |
| big-ip analytics | eq | 11.0.0 |
Related
6.4 Medium
AI Score
Confidence
Low
5.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:N/I:N/A:C
0.069 Low
EPSS
Percentile
93.3%