SOL14201 - BIND denial-of-service attack CVE-2012-5166/CVE-2012-4244

Recommended Action

To eliminate this vulnerability, upgrade to a version that is listed in the Versions known to be not vulnerable column in the previous table.

To mitigate this vulnerability, you can disable recursion of the DNS server. To do so, perform the following procedure:

Impact of action: The BIG-IP system will not be able to perform recursive lookups and may cause DNS lookup failures. BIG-IP GTM functionality may be impacted.

1. Log in to the BIG-IP system command line.

2. Using a text editor, such as vi, edit the /var/named/etc/named.conffile.

3. Add the following line to the options section:

recursion no;

4. Save the file.
5. To load the new configuration, type the following command:

rndc reload

Supplemental Information

• CVE-2012-5166

Note: This link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.

• CVE 2012-4244

Note: This link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.

• SOL9970: Subscribing to email notifications regarding F5 products
• SOL9957: Creating a custom RSS feed to view new and updated documents.
• SOL4602: Overview of the F5 security vulnerability response policy
• SOL4918: Overview of the F5 critical issue hotfix policy
• SOL167: Downloading software and firmware from F5
• SOL13123: Managing BIG-IP product hotfixes (11.x)
• SOL10025: Managing BIG-IP product hotfixes (10.x)
• SOL6845: Managing BIG-IP product hotfixes (9.x)
• SOL9502: BIG-IP hotfix matrix