5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.963 High
EPSS
Percentile
99.4%
Vulnerability Recommended Actions
If you are running a version listed in theVersions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in theVersions known to be not vulnerable column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.
To mitigate this vulnerability, you must disable the use of recursion in the BIND configuration. You can perform the following procedures to determine if recursion has been manually enabled, and disable it if it has been enabled.
Determining if recursion has been manually enabled on the system
Impact of action: Performing the following procedure should not have a negative impact on your system.
grep recursion /var/named/config/named.conf
recursion yes;
If the command returns the following response, recursion has not been enabled, and the system is not vulnerable.
recursion no;
Mitigating the vulnerability
To mitigate this vulnerability, you can turn recursion off in the named.conf file. To do so, perform the following procedure:
Impact of action: This modification requires a change to your configuration. F5 recommends that you test the modified configuration in an appropriate environment before implementing it.
cd /var/named/config
cp named.conf named.conf.SOL34250741
recursion yes;
recursion no;
bigstart restart named
Supplemental Information
support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html
support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html
support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html
support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html
support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html