Published: 12 December 2012


===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2012.0171
           Multiple vulnerabilities have been fixed in F5 BIG-IP
                             12 December 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              BIG-IP
Operating System:     Network Appliance
Impact/Access:        Denial of Service -- Remote/Unauthenticated
                      Reduced Security  -- Existing Account      
Resolution:           Patch/Upgrade
CVE Names:            CVE-2012-0248 CVE-2012-0247 CVE-2011-4313
Member content until: Friday, January 11 2013
Reference:            ASB-2012.0093
                      ESB-2012.0247
                      ASB-2011.0102

OVERVIEW

        F5 has released a new hotfix for BIG-IP.


IMPACT

        Multiple security fixes are included in the latest hotfix:
        
        "BIND has been updated to 9.6-ESV-R5-P1 to mitigate CVE-2011-4313." [1]
        
        "The WebAccelerator module is no longer susceptible to issues described
        in CVE-2012-0247 and CVE-2012-0248." [1]
        
        The following additional information is available from the previous
        AusCERT bulletins:
        
        CVE-2011-4313:
        "Various organisations have reported to ISC that their BIND 9 servers
        have been crashing after performing recursive queries. ISC has stated
        that the problem is that BIND would cache an invalid record for which
        subsequent queries would trigger the crash." [2]
        
        CVE-2012-0247:
        "When parsing a maliciously crafted image with incorrect offset and count
        in the ResolutionUnit tag in EXIF IFD0, ImageMagick writes two bytes to
        an invalid address." [3]
        
        CVE-2012-0248:
        "Parsing a maliciously crafted image with an IFD whose all IOP tags
        value offsets point to the beginning of the IFD itself results in an
        endless loop and a denial of service." [3]
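
        The two ImageMagick issues quoted above share a root cause: EXIF IFD parsing that
        trusts offsets and counts supplied by the file. The following Python is an added
        example (not code from the bulletin, F5 or ImageMagick) of walking a TIFF/EXIF IFD
        chain defensively. It rejects out-of-line values whose offset plus size reaches past
        the buffer (the CVE-2012-0247 shape) and refuses to revisit an IFD that a pointer tag
        leads back to (the CVE-2012-0248 shape). Tag numbers and type sizes follow the TIFF
        6.0 and Exif specifications; the sample byte strings are constructed, not real images.

```python
import struct

TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 6: 1, 7: 1, 8: 2, 9: 4, 10: 8, 11: 4, 12: 8}  # TIFF field types
SUB_IFD_TAGS = {0x8769: "ExifIFD", 0xA005: "InteropIFD"}  # pointer tags that reference further IFDs

def parse_ifds(data, max_entries=512):
    """Walk the IFD chain without trusting any file-supplied offset; return (entries, findings)."""
    entries, findings = [], []
    if len(data) < 8 or data[:2] not in (b"II", b"MM"):
        return entries, ["not a TIFF/EXIF header"]
    e = "<" if data[:2] == b"II" else ">"
    pending, visited = [(struct.unpack(e + "I", data[4:8])[0], "IFD0")], set()
    while pending:
        off, name = pending.pop()
        if off in visited:  # CVE-2012-0248 shape: a pointer leads back to an IFD already walked
            findings.append(f"{name}: offset {off} already visited (IFD loop)")
            continue
        visited.add(off)
        n = struct.unpack(e + "H", data[off:off + 2])[0] if off + 2 <= len(data) else max_entries + 1
        if n > max_entries or off + 6 + 12 * n > len(data):
            findings.append(f"{name}: IFD at {off} with {n} entries overruns file")
            continue
        for p in range(off + 2, off + 2 + 12 * n, 12):
            tag, typ, count = struct.unpack(e + "HHI", data[p:p + 8])
            size = TYPE_SIZES.get(typ, 0) * count
            if size <= 4:  # value fits inline in the entry's last 4 bytes
                raw = data[p + 8:p + 8 + size]
            else:  # value is out of line; offset and count both come from the file
                voff = struct.unpack(e + "I", data[p + 8:p + 12])[0]
                if voff + size > len(data):  # CVE-2012-0247 shape: offset/count reach past the buffer
                    findings.append(f"{name}: tag 0x{tag:04x} value at {voff}+{size} outside file")
                    continue
                raw = data[voff:voff + size]
            entries.append((name, tag, typ, count, raw))
            if tag in SUB_IFD_TAGS:
                pending.append((struct.unpack(e + "I", data[p + 8:p + 12])[0], SUB_IFD_TAGS[tag]))
        nxt = struct.unpack(e + "I", data[off + 2 + 12 * n:off + 6 + 12 * n])[0]
        if nxt:  # chained IFDs go through the same visited check, so next-IFD cycles are caught too
            pending.append((nxt, name + ".next"))
    return entries, findings
def build_tiff(ifd0):
    """Constructed little-endian TIFF: 8-byte header, then IFD0 at offset 8 from (tag, type, count, value4)."""
    body = b"".join(struct.pack("<HHI", *t[:3]) + t[3] for t in ifd0)
    return b"II" + struct.pack("<HIH", 42, 8, len(ifd0)) + body + struct.pack("<I", 0)

# Constructed samples, not real images: benign ResolutionUnit=2 inline; an InteropIFD pointer
# whose offset is IFD0 itself; a ResolutionUnit with count 4 forcing an 8-byte read at a bogus offset.
GOOD = build_tiff([(0x0128, 3, 1, struct.pack("<HH", 2, 0))])
LOOP = build_tiff([(0xA005, 4, 1, struct.pack("<I", 8))])
OOB = build_tiff([(0x0128, 3, 4, struct.pack("<I", 0x7FFFFFF0))])
```

        Each finding names the IFD and tag that failed validation, so a gateway that scans
        uploaded images can log the reason rather than handing the file to a decoder.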


MITIGATION

        Customers should install BIG-IP 11.2.0 HF3.


REFERENCES

        [1] Release Note: BIG-IP LTM and TMOS version 11.2.0
            http://support.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnote-ltm-11-2-0.html

        [2] ASB-2011.0102 - ALERT [Win][UNIX/Linux] BIND: Denial of service -
            Remote/unauthenticated
            https://auscert.org.au/15104

        [3] ESB-2012.0247 - [Win][UNIX/Linux][Debian] imagemagick: Multiple
            vulnerabilities
            https://auscert.org.au/15561

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================