Recommended Action
To eliminate this vulnerability, upgrade to a version that is listed in the Versions known to be not vulnerable column in the previous table.
To mitigate this vulnerability, you can disable recursion of the DNS server. To do so, perform the following procedure:
Impact of action: The BIG-IP system will not be able to perform recursive lookups and may cause DNS lookup failures. BIG-IP GTM functionality may be impacted.
Log in to the BIG-IP system command line.
Using a text editor, such as vi, edit the /var/named/etc/named.conffile.
Add the following line to the options section:
recursion no;
rndc reload
Supplemental Information
Note: This link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.
Note: This link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.
support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html
support.f5.com/kb/en-us/solutions/public/10000/000/sol10025.html
support.f5.com/kb/en-us/solutions/public/13000/100/sol13123.html
support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html
support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html
support.f5.com/kb/en-us/solutions/public/6000/800/sol6845.html
support.f5.com/kb/en-us/solutions/public/9000/500/sol9502.html
support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html
support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html
support.f5.comcve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4244
support.f5.comcve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5166