K16356 : BIND vulnerability CVE-2015-1349

Security Advisory Description

named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use. (CVE-2015-1349)

Impact

This vulnerability can only be exploited if you explicitly enable DNSSEC validation and managed-keys features in the BIND configuration. The default BIND configuration on a BIG-IP system does not have these features enabled and is not vulnerable. When exploited, the remote attacker may be able to cause the named process to exit or crash, resulting in a denial of service (DoS).

Note: The BIG-IP DNSSEC feature does not use BIND code and is not vulnerable.