DNS Server Dynamic Update Record Injection

Question

Hello,&nbsp;
Does anyone know how to mitigate this vulnerability? Looks like F5 GMT v11.6.2 is vulnerable.&nbsp;
https://nmap.org/nsedoc/scripts/dns-update.html &nbsp;
Thank you in advance.&nbsp;

youssef1 · Answer

Hi,&nbsp;
did you have dns license?&nbsp;
Regards&nbsp;

ilian_ivanov · Answer

Yes, we have DNS license and we are using it :)&nbsp;

leonardo_souza · Answer

You need to find what CVE is that, and then just search in askf5.&nbsp;
If there is no CVE created, or you can't find information about the CVE, you need to open a ticket with F5 support to get more information.&nbsp;

youssef1 · Answer

Hi,&nbsp;
If you host dns on F5, you can Limit addresses that are allowed to do dynamic updates (eg, with BIND's 'allow-update' option) or implement TSIG or SIG(0).&nbsp;
Following your documentatio: https://www.tenable.com/plugins/nessus/35372&nbsp;
have you already deployed this solution?&nbsp;
Regards,&nbsp;

Forum Discussion

DNS Server Dynamic Update Record Injection

4 Replies

Recent Discussions

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

SMS server with BIGIP

Related Content

Serverside SNI injection iRule

Automation of OWASP Injection mitigation using F5 Distributed Cloud Platform

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

Mitigating OWASP API Security Risk: Injection flaws using F5 XC Platform

Mitigating OWASP Web Application Risk: Injection exploits using F5 Distributed Cloud Platform