SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Router/Bridge/Hub)  >   F5 BIG-IP Vendors:   F5 Networks
F5 BIG-IP DNS Lets Remote Users Hijack the Target DNS in Certain Cases
SecurityTracker Alert ID:  1040643
SecurityTracker URL:  http://securitytracker.com/id/1040643
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Apr 7 2018
Impact:   Disclosure of system information, Modification of system information
Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in F5 BIG-IP DNS. A remote user can hijack the target DNS in certain cases.

On systems where the hostname is a public domain name that the BIG-IP system owner does not control, a remote user may be able to hijack the DNS to cause DNS queries to be redirected to a remote DNS server.

Systems that have a DNS zone that contains an NS resource record configured using the BIG-IP hostname (such as when a wide IP is created for a zone that does not yet exist in the local BIND server) and that are configured to use the local instance of BIND server are affected.

The vendor has assigned ID 712653 to this vulnerability.

Impact:   A remote user may be able to cause DNS queries to be redirected to a remote DNS server.
Solution:   No solution was available at the time of this entry.

F5 has described a workaround in their advisory.

The F5 advisory is available at:

https://support.f5.com/csp/#/article/K32518458

Vendor URL:  support.f5.com/csp/article/K32518458 (Links to External Site)
Cause:   Not specified

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC