F5:K34250741
Dec 16, 2015 - 12:00 a.m.

K34250741 : BIND vulnerability CVE-2015-8000

2015-12-16 00:00:00
my.f5.com
18

AI Score: 7.8 High (Confidence: High)

CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

EPSS: 0.963 High (Percentile: 99.4%)

Security Advisory Description

db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute. (CVE-2015-8000)

Impact

An attack may cause a denial-of-service (DoS) on the vulnerable BIND system by requesting a record that contains a malformed class attribute.

Although the BIG-IP, BIG-IQ, and Enterprise Manager software contains the vulnerable code, the BIG-IP, BIG-IQ, and Enterprise Manager systems do not use the vulnerable code in a way that exposes the vulnerability in the default configuration.

The BIG-IP system must meet both of the following conditions to be considered vulnerable:

  • A listener object is configured to use the local BIND. For example:

    * A virtual server with a DNS profile is configured with the **Use BIND Server on BIG-IP** option (this option is enabled by default for the DNS profile).
    * A DNS/GTM pool uses the Return to DNS load balancing method or its **Alternate and Fallback** load balancing methods set to **None** and all pools associated with the wide IP are unavailable.

  • The local BIND configuration is enabled with the non-default recursion yes; option.
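One way to check the second condition, as an added example that is not part of the F5 advisory: the Python below reports every `recursion` statement in a named.conf text together with its enclosing block, ignoring commented-out statements. The function names and the sample configuration are constructed for illustration, and `include` directives are not followed.

```python
import re

# Matches quoted strings first so comment markers inside them are left alone.
_STRING_OR_COMMENT = re.compile(
    r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|[{};]|[^\s{};"]+')
_TRUE = {"yes", "true", "1"}  # boolean spellings named.conf accepts

# Constructed sample input, not taken from any real system.
SAMPLE = '''
options {
    directory "/var/named";   // constructed sample
    /* recursion no; */
    recursion yes;
    allow-recursion { localhost; };
};
view "external" {
    # recursion yes;
    recursion no;
};
'''

def strip_comments(conf):
    """Blank out /* */, // and # comments; keep quoted strings intact."""
    return _STRING_OR_COMMENT.sub(
        lambda m: m.group(0) if m.group(0)[0] == '"' else " ", conf)

def recursion_settings(conf):
    """Return [(enclosing_block, enabled)] for each `recursion` statement."""
    stack, found, stmt = [], [], []
    for tok in _TOKEN.findall(strip_comments(conf)):
        if tok == "{":                      # statement so far names the block
            stack.append(" ".join(stmt) or "?")
            stmt = []
        elif tok == "}":
            if stack:
                stack.pop()
            stmt = []
        elif tok == ";":
            if len(stmt) == 2 and stmt[0] == "recursion":
                block = stack[-1] if stack else "top-level"
                found.append((block, stmt[1].lower() in _TRUE))
            stmt = []
        else:
            stmt.append(tok)
    return found

def recursion_yes_present(conf):
    """True if any uncommented `recursion` statement enables recursion."""
    return any(enabled for _, enabled in recursion_settings(conf))

if __name__ == "__main__":
    for block, enabled in recursion_settings(SAMPLE):
        print(f"{block}: recursion {'yes' if enabled else 'no'}")
```

A result of `True` from `recursion_yes_present` covers only the second condition; the listener condition still has to be checked separately.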
