SOL12567 - BIND vulnerability CVE-2010-3614

• F5 Product Development has determined that these BIG-IP and Enterprise Manager versions use a vulnerable version of BIND. However, the vulnerable code is not used by default on these BIG-IP or Enterprise Manager systems.

This security advisory describes a BIND vulnerability.

For information about this advisory, refer to the Common Vulnerabilities and Exposures website at the following location:

Note: This link takes you to a resource outside of AskF5, and it is possible that the documents may be removed without our knowledge.

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3614&gt;

F5 Product Development tracked an update to a version of BIND which mitigates this vulnerability, as ID 345944 and it was fixed in BIG-IP 10.2.2. BIND was updated to a non-vulnerable version in BIG-IP 10.2.1 HF1. You may download the 10.2.1 HF1 hotfix or later versions of the hotfix from the F5 Downloads site.

In addition, BIG-IP iHealth may list Heuristic H383256 on the Diagnostics > Identified > Medium screen.

For a list of the latest available hotfixes, refer to SOL9502: BIG-IP hotfix matrix.

For information about the F5 hotfix policy, refer to SOL4918: Overview of the F5 critical issue hotfix policy.

For information about how to manage F5 product hotfixes, refer to SOL6845: Managing F5 product hotfixes.

For information about installing version 10.x hotfixes, refer to in SOL10025: Managing F5 product hotfixes for BIG-IP 10.x systems.