SOL34250741 - BIND vulnerability CVE-2015-8000

2015-12-1600:00:00

support.f5.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.963 High

EPSS

Percentile

99.4%

JSON

Vulnerability Recommended Actions

If you are running a version listed in theVersions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in theVersions known to be not vulnerable column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.

To mitigate this vulnerability, you must disable the use of recursion in the BIND configuration. You can perform the following procedures to determine if recursion has been manually enabled, and disable it if it has been enabled.

Determining if recursion has been manually enabled on the system

Impact of action: Performing the following procedure should not have a negative impact on your system.

Log in to the BIG-IP command line.
Type the following command:

grep recursion /var/named/config/named.conf

If the command returns the following response, recursion has been enabled, and you should perform the following, Mitigating the vulnerability procedure.

recursion yes;

If the command returns the following response, recursion has not been enabled, and the system is not vulnerable.

recursion no;

Mitigating the vulnerability

To mitigate this vulnerability, you can turn recursion off in the named.conf file. To do so, perform the following procedure:

Impact of action: This modification requires a change to your configuration. F5 recommends that you test the modified configuration in an appropriate environment before implementing it.

Log in to the BIG-IP command line.
Change directories to the /var/named/configdirectory by typing the following command:

cd /var/named/config

Create a backup of the named.conf file by typing the following command:

cp named.conf named.conf.SOL34250741

To edit the named.conf file, locate the** recursion** option.
For example:

recursion yes;

Change the recursion option to** no.**
For example:

recursion no;

Save the changes to the named.conf file.
Restart namedto allow the changes to reload by typing the following command:

bigstart restart named

Supplemental Information

SOL9970: Subscribing to email notifications regarding F5 products
SOL9957: Creating a custom RSS feed to view new and updated documents
SOL4602: Overview of the F5 security vulnerability response policy
SOL4918: Overview of the F5 critical issue hotfix policy
SOL167: Downloading software and firmware from F5

CPENameOperatorVersion
big-iq securityle4.5.0
big-ip apmle12.0.0
big-ip ltmle12.0.0
big-ip afmle12.0.0
big-ip edge gatewayle11.3.0
big-iq cloud and orchestrationle1.0.0
big-ip link controllerle12.0.0
big-ip webacceleratorle11.3.0
big-ip analyticsle12.0.0
big-ip aamle12.0.0

Name	Operator	Version
big-iq security	le	4.5.0
big-ip apm	le	12.0.0
big-ip ltm	le	12.0.0
big-ip afm	le	12.0.0
big-ip edge gateway	le	11.3.0
big-iq cloud and orchestration	le	1.0.0
big-ip link controller	le	12.0.0
big-ip webaccelerator	le	11.3.0
big-ip analytics	le	12.0.0
big-ip aam	le	12.0.0