Date: 22 June 2012
References: ESB-2011.0568 ASB-2011.0102 ASB-2012.0086.2 ESB-2012.0899 ASB-2012.0171 ESB-2013.0202
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT Security Bulletin
ASB-2012.0093
Hotfix 6 for F5 BIG-IP 9.4.8 addresses a number of important
vulnerabilities
22 June 2012
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: BIG-IP
Operating System: Network Appliance
Impact/Access: Root Compromise -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2012-1493 CVE-2011-4313 CVE-2011-1910
Member content until: Sunday, July 22 2012
Reference: ASB-2012.0086
ASB-2011.0102
ESB-2011.0568
Comment: Previously users of BIG-IP 9.4.8 were required to either upgrade to
another version of BIG-IP or take mitigation steps. This update
provides a fix for those using version 9.4.8 who were unable to
upgrade.
OVERVIEW
F5 have released hotfix 6 for BIG-IP 9.4.8 which addresses a number of
important vulnerabilities. [1]
IMPACT
The following information about the vulnerabilities is available:
CVE-2011-1910:
"Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x
before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before
9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service
(assertion failure and daemon exit) via a negative response containing
large RRSIG RRsets." [2]
CVE-2011-4313:
F5 have not provided specific information for this vulnerability. The
following is an excerpt from the NIST National Vulnerability Database:
"query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5,
9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1,
and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial
of service (assertion failure and named exit) via unknown vectors
related to recursive DNS queries, error logging, and the caching of an
invalid record by the resolver." [3]
CVE-2012-1493:
"A platform-specific remote access vulnerability has been discovered
that may allow a remote user to gain privileged access to affected
systems using SSH. The vulnerability is caused by a configuration
error, and is not the result of an underlying SSH defect." [4]
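F5's description above characterises the issue only as a configuration error that lets a remote user reach privileged access over SSH. The script below is an added example written for this bulletin, not code from F5 or AusCERT, showing the kind of check an administrator can run on any host for that class of misconfiguration: it parses root's authorized_keys file, fingerprints each key, flags any key not on an approved list, and reports whether sshd's PermitRootLogin setting would let such a key log in as root. It assumes a standard OpenSSH layout (an authorized_keys file and sshd_config), which the bulletin does not state for BIG-IP, and the key material and configuration embedded in it are constructed sample data, not real keys.

```python
"""Audit an account's SSH access for keys and settings that grant privileged
remote login.  Added example for this bulletin; not F5 or AusCERT code."""
import base64
import hashlib
import re

# Public key types OpenSSH accepts in authorized_keys (the common ones).
KEY_TYPE_RE = re.compile(r"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$")


def fingerprint(b64_blob):
    """OpenSSH-style SHA256 fingerprint of a base64-encoded public key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_authorized_keys(text):
    """Yield (options, key_type, fingerprint, comment) for each key line.

    A line may start with an options field such as command="..." that can
    itself contain spaces, so the key type is located by scanning tokens
    rather than assumed to be the first one.
    """
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        idx = next((i for i, t in enumerate(tokens) if KEY_TYPE_RE.match(t)), None)
        if idx is None or idx + 1 >= len(tokens):
            continue  # unrecognised line: skip rather than guess
        yield (" ".join(tokens[:idx]), tokens[idx],
               fingerprint(tokens[idx + 1]), " ".join(tokens[idx + 2:]))


def permit_root_login(sshd_config):
    """Effective PermitRootLogin value: sshd honours the first occurrence,
    and the OpenSSH default when the directive is absent was 'yes' at the
    time of this bulletin (it became 'prohibit-password' in OpenSSH 7.0)."""
    for raw in sshd_config.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"(?i)^PermitRootLogin\s+(\S+)", line)
        if m:
            return m.group(1).lower()
    return "yes"


def audit_root_ssh(authorized_keys, sshd_config, approved):
    """Return human-readable findings: keys not on the approved list, plus a
    note when PermitRootLogin would let those keys log in as root."""
    findings = []
    unapproved = [(fp, comment)
                  for _opts, _ktype, fp, comment in parse_authorized_keys(authorized_keys)
                  if fp not in approved]
    for fp, comment in unapproved:
        findings.append("root authorized_keys has unapproved key %s (%s)"
                        % (fp, comment or "no comment"))
    setting = permit_root_login(sshd_config)
    if unapproved and setting != "no":
        findings.append("PermitRootLogin is '%s', so the unapproved key(s) "
                        "above can log in as root" % setting)
    return findings


# Constructed sample data (not real keys): the blobs are arbitrary bytes
# base64-encoded, since only their fingerprints matter for the check.
APPROVED_BLOB = base64.b64encode(b"constructed-approved-key-material").decode()
UNKNOWN_BLOB = base64.b64encode(b"constructed-unknown-key-material").decode()
SAMPLE_AUTHORIZED_KEYS = """
# keys for root (constructed sample)
ssh-rsa %s admin@jumphost
command="/usr/local/bin/backup",no-pty ssh-rsa %s vendor-support
""" % (APPROVED_BLOB, UNKNOWN_BLOB)
SAMPLE_SSHD_CONFIG = """
Port 22
PermitRootLogin yes
PasswordAuthentication no
"""
APPROVED_FINGERPRINTS = {fingerprint(APPROVED_BLOB)}

if __name__ == "__main__":
    for finding in audit_root_ssh(SAMPLE_AUTHORIZED_KEYS, SAMPLE_SSHD_CONFIG,
                                  APPROVED_FINGERPRINTS):
        print(finding)
```

To run it against a live host, read /root/.ssh/authorized_keys and /etc/ssh/sshd_config into the two text arguments and populate the approved set with the fingerprints your change records account for. A finding does not by itself prove the F5 condition, but any root key whose origin cannot be explained warrants investigation, and on an appliance the vendor's advisory [4] rather than this generic check is the authority on what the fix looks like.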
MITIGATION
Customers running BIG-IP 9.4.8 should apply hotfix 6. [1] Those who
cannot apply it immediately should continue to follow the mitigation
steps previously advised (see ASB-2012.0086 and the F5 advisory for
CVE-2012-1493 [4]) until the hotfix is installed.
REFERENCES
[1] Overview of BIG-IP version 9.4.8 HF6
http://support.f5.com/kb/en-us/solutions/public/13000/600/sol13687.html?ref=rss
[2] BIND vulnerability CVE-2011-1910
http://support.f5.com/kb/en-us/solutions/public/12000/900/sol12985.html
[3] Vulnerability Summary for CVE-2011-4313
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4313
[4] SSH vulnerability CVE-2012-1493
http://support.f5.com/kb/en-us/solutions/public/13000/600/sol13600.html
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----