Lucene search

F5F5:K15927

HistorySep 16, 2015 - 12:00 a.m.

K15927 : BIND vulnerability CVE-2014-8500

2015-09-1600:00:00

my.f5.com

8.3 High

AI Score

Confidence

High

0.877 High

EPSS

Percentile

98.7%

JSON

Security Advisory Description

ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals. (CVE-2014-8500)

Impact

This behavior may lead to resource exhaustion and denial-of-service (up to and including termination of the namedserver process.) All recursive resolvers are affected. Authoritative servers may be affected if an attacker can control a delegation traversed by the authoritative server in servicing the zone.

Important: Recursion is not enabled by default for BIG-IP modules.

CPENameOperatorVersion
big-ip afmeq11.3.0
big-ip afmeq11.4.0
big-ip afmeq11.4.1
big-ip afmeq11.5.0
big-ip afmeq11.5.1
big-ip afmeq11.5.2
big-ip afmeq11.5.3
big-ip afmeq11.6.0
big-ip afmeq12.0.0
big-ip analyticseq11.0.0

Name	Operator	Version
big-ip afm	eq	11.3.0
big-ip afm	eq	11.4.0
big-ip afm	eq	11.4.1
big-ip afm	eq	11.5.0
big-ip afm	eq	11.5.1
big-ip afm	eq	11.5.2
big-ip afm	eq	11.5.3
big-ip afm	eq	11.6.0
big-ip afm	eq	12.0.0
big-ip analytics	eq	11.0.0

Rows per page:

1-10 of 2011