K32049025 : BIND vulnerability CVE-2016-6170

Security Advisory Description

ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message. (CVE-2016-6170)

Impact

BIG-IP

This vulnerability can only be exploited if untrusted parties are allowed to overwhelm the server by transferring large quantities of zone data. When exploited, the system may have its memory exhausted causing unpredictable behavior.

iWorkflow, BIG-IQ and Enterprise Manager

These systems are not vulnerable in a default configuration. The vulnerable code is present on the system; however, configuring a DNS server is not supported on these systems. In addition, after DNS configuration, this vulnerability can only be exploited if untrusted parties are allowed to overwhelm the server by transferring large quantities of zone data.