Lucene search

F5SOL62012529

HistoryMar 09, 2016 - 12:00 a.m.

SOL62012529 - BIND vulnerability CVE-2016-1286

2016-03-0900:00:00

support.f5.com

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.968 High

EPSS

Percentile

99.6%

JSON

Vulnerability Recommended Actions

If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the** Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.

BIG-IP/BIG-IQ/Enterprise Manager

To mitigate this vulnerability, you must disable the use of recursion in the BIND configuration. To determine if recursion has been manually enabled, and mitigate the vulnerability by disabling recursion, perform the following procedures.

Determining if recursion has been manually enabled on the system

Impact of action: Performing the following procedure should not have a negative impact on your system.

Log in to the BIG-IP command line.
Type the following command:

grep recursion /var/named/config/named.conf

If the command returns the following response, recursion has been enabled, and you should perform the Mitigating the vulnerability procedure.

recursion yes;

If the command returns the following response, recursion has not been enabled, and the system is not vulnerable.

recursion no;

Mitigating the vulnerability

To mitigate this vulnerability, you can disable recursion in the named.conf file. To do so, perform the following procedure:

Impact of action: This modification requires changing your configuration. F5 recommends that you test the modified configuration in an appropriate environment before implementing it.

Log in to the BIG-IP command line.
Change directories to the /var/named/configdirectory by typing the following command:

cd /var/named/config

Create a backup of the named.conf file by typing the following command:

cp named.conf named.conf.SOL62012529

To edit the named.conf file, locate the** recursion** option.

For example:

recursion yes;

Change the recursion option to** no.**

For example:

recursion no;

Save the changes to the named.conf file.
Restart the named process to allow the changes to reload, by typing the following command:

bigstart restart named

Supplemental Information

SOL9970: Subscribing to email notifications regarding F5 products
SOL9957: Creating a custom RSS feed to view new and updated documents
SOL4918: Overview of the F5 critical issue hotfix policy
SOL4602: Overview of the F5 security vulnerability response policy

CPENameOperatorVersion
big-iq securityle4.5.0
big-ip apmle12.0.0
big-ip afmle12.0.0
big-ip edge gatewayle11.3.0
big-ip ltmle12.0.0
big-iq cloud and orchestrationle1.0.0
big-ip webacceleratorle11.3.0
big-ip aamle12.0.0
big-ip womle11.3.0
big-ip psmle11.4.1

Name	Operator	Version
big-iq security	le	4.5.0
big-ip apm	le	12.0.0
big-ip afm	le	12.0.0
big-ip edge gateway	le	11.3.0
big-ip ltm	le	12.0.0
big-iq cloud and orchestration	le	1.0.0
big-ip webaccelerator	le	11.3.0
big-ip aam	le	12.0.0
big-ip wom	le	11.3.0
big-ip psm	le	11.4.1