Forum Discussion

kridsana's avatar
kridsana
Icon for Cirrocumulus rankCirrocumulus
Sep 04, 2015

BIND vulnerability CVE-2015-5722

Hi

 

Due to BIND vulnerability CVE-2015-5722

 

I'm using GTM version 10.2.4 and it has note (1) and (3)

 

If I don't enable dnssec validation ...but config a pool to uses the Return to DNS load balancing method or Alternate and Fallback load balancing methods are set to None.

 

Did My box vulnerable?

 

  • Pascal_Tene_910's avatar
    Pascal_Tene_910
    Historic F5 Account

    Yes your box is potentially vulnerable when all pools associated with the wide-IP are unavailable. This is clarified in https://support.f5.com/kb/en-us/solutions/public/17000/100/sol17181.html

     

    "These versions are vulnerable if configured with a pool that uses the Return to DNS load balancing method or when the pool's Alternate and Fallback load balancing methods are set to None, and all pools associated with the wide-IP are unavailable."