ADVISORY!
TLP : CLEAR
Date : 26/03/2024
REF NO : CERT / 2024/03/23
F5 Products Denial of Service Vulnerability
Severity Level: High
Components Affected
BIG-IP (all modules)
- 17.1.0 – 17.1.1
- 16.1.0 – 16.1.4
- 15.1.0 – 15.1.10
BIG-IQ Centralized Management
- 8.1.0 – 8.3.0
Overview
A vulnerability was identified in F5 Products. A remote attacker could exploit this vulnerability to trigger denial of service condition on the targeted system.
Description
The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers. This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
Impact
- Denial of Service
Solution/ Workarounds
Please visit the vendor web-site for more details.
Apply workarounds issued by the vendor:
Workaround:
Reduce the vulnerability of attacks by following workaround:
- Ensuring that TCP/UDP port 53 is not allowed as a default service (allow-service default)
- Disabling the Use BIND Server on BIG-IP option in the DNS profile
Reference
Disclaimer : The information provided herein is on an “as is” basis, without warranty of any kind.
Sri Lanka Computer Emergency Readiness Team | Coordination Centre
- Hotline : 101
- +94 11 269 1692
- Room 4-112, BMICH, Bauddhaloka Mawatha, Colombo 07, Sri Lanka.
- General inquiry: cert@cert.gov.lk
- Security incidents: incidents@cert.gov.lk
- Social media incidents: report@cert.gov.lk
