SynopsisThe remote device is missing a vendor-supplied security patch.
Descriptionnamed in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency among the DNSSEC-related RRsets. (CVE-2016-9147)
When the BIND recursion option is enabled, an attacker can exploit this vulnerability to cause the named process to restart.
Additionally, the restarted process does not trigger the BIG-IP system high availability (HA) failover event.
By default, the BIND recursion option is not enabled on BIG-IP DNSsystems. If the BIND recursion option is enabled, BIG-IP DNS systems are vulnerable.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution K02138183.