-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2013.0692
        sol14410: Multiple MySQL vulnerabilities Security Advisory
                                15 May 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           BIG-IP LTM
                   BIG-IP AFM
                   BIG-IP Analytics
                   BIG-IP APM
                   BIG-IP ASM
                   BIG-IP Edge Gateway
                   BIG-IP GTM
                   BIG-IP Link Controller
                   BIG-IP PEM
                   BIG-IP PSM
                   BIG-IP WebAccelerator
                   BIG-IP WOM
                   Enterprise Manager
                   FirePass
Publisher:         F5
Operating System:  Network Appliance
Impact/Access:     Access Confidential Data -- Existing Account
                   Modify Arbitrary Files   -- Existing Account
                   Denial of Service        -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2012-0496 CVE-2012-0495 CVE-2012-0494
                   CVE-2012-0493 CVE-2012-0492 CVE-2012-0491
                   CVE-2012-0490 CVE-2012-0489 CVE-2012-0488
                   CVE-2012-0487 CVE-2012-0486 CVE-2012-0485
                   CVE-2012-0484 CVE-2012-0120 CVE-2012-0119
                   CVE-2012-0118 CVE-2012-0117 CVE-2012-0116
                   CVE-2012-0115 CVE-2012-0114 CVE-2012-0113
                   CVE-2012-0112 CVE-2012-0102 CVE-2012-0101
                   CVE-2012-0087 CVE-2012-0075 CVE-2011-2262

Reference:         ASB-2012.0009
                   ESB-2012.0252
                   ESB-2012.0157
                   ESB-2012.0146

Original Bulletin: 
   http://support.f5.com/kb/en-us/solutions/public/14000/400/sol14410.html

- --------------------------BEGIN INCLUDED TEXT--------------------

sol14410: Multiple MySQL vulnerabilities Security Advisory

Security Advisory

Original Publication Date: 05/14/2013

Description

For BIG-IP systems using the MySQL database, the following MySQL 
vulnerabilities may allow local users to gain knowledge of sensitive 
information, manipulate certain data, or cause a Denial of Service (DoS):

    CVE-2011-2262
    CVE-2012-0075
    CVE-2012-0087
    CVE-2012-0101
    CVE-2012-0102
    CVE-2012-0112
    CVE-2012-0113
    CVE-2012-0114
    CVE-2012-0115
    CVE-2012-0116
    CVE-2012-0117
    CVE-2012-0118
    CVE-2012-0119
    CVE-2012-0120
    CVE-2012-0484
    CVE-2012-0485
    CVE-2012-0486
    CVE-2012-0487
    CVE-2012-0488
    CVE-2012-0489
    CVE-2012-0490
    CVE-2012-0491
    CVE-2012-0492
    CVE-2012-0493
    CVE-2012-0494
    CVE-2012-0495
    CVE-2012-0496

For Enterprise Manager systems, the following MySQL vulnerability may also 
allow remote users to gain knowledge of sensitive information, manipulate 
certain data, or cause a DoS:

    CVE-2011-2262

Impact

    This vulnerability may allow local users to gain knowledge of sensitive 
    information, manipulate certain data, or cause a DoS.
    This vulnerability may allow remote exploit of Enterprise Manager systems 
    configured to back up the statistics database to a remote system 
    (Statistics Data Location is set to 'External').

Status

F5 Product Development has assigned ID 378560 (BIG-IP and Enterprise Manager) 
to these vulnerabilities.

To determine if your release is known to be vulnerable, the components or 
features that are affected by the vulnerability, and for information about 
releases or hotfixes that address the vulnerability, refer to the following 
table:

Product		 	Versions known to be vulnerable 	Versions known to be not vulnerable 	Vulnerable component or feature
BIG-IP LTM 		None					9.0.0 - 9.6.1				None
								10.0.0 - 10.2.4
								11.0.0 - 11.3.0

BIG-IP AFM 		None 					11.3.0 					None

BIG-IP Analytics 	11.0.0 - 11.2.1		 		11.3.0 					MySQL

BIG-IP APM 		10.1.0 - 10.2.41			11.3.0 					MySQL
			1.0.0 - 11.2.1 

BIG-IP ASM	 	9.2.0 - 9.4.8				11.3.0 					MySQL
			10.0.0 - 10.2.4
			11.0.0 - 11.2.1 	

BIG-IP Edge Gateway	10.1.0 - 10.2.4				11.3.0 					MySQL
			11.0.0 - 11.2.1 	

BIG-IP GTM 		None 					9.2.2 - 9.4.8				None
								10.0.0 - 10.2.4
								11.0.0 - 11.3.0 

BIG-IP Link Controller 	None					9.2.2 - 9.4.8				None	
								10.0.0 - 10.2.4
								11.0.0 - 11.3.0

BIG-IP PEM 		None					11.3.0					None

BIG-IP PSM	 	9.4.5 - 9.4.8				11.3.0 					MySQL
			10.0.0 - 10.2.4
			11.0.0 - 11.2.1 	

BIG-IP WebAccelerator 	9.4.0 - 9.4.8				11.3.0 					MySQL
			10.0.0 - 10.2.4
			11.0.0 - 11.2.1 	

BIG-IP WOM 		None 					10.0.0 - 10.2.4				None
								11.0.0 - 11.3.0 	

ARX 			None 					5.0.0 - 5.3.1				None
								6.0.0 - 6.3.0 	

Enterprise Manager 	1.6.0 - 1.8.0				3.1.0 					MySQL
			2.0.0 - 2.3.0
			3.0.0 	

FirePass	 	None				 	6.0.0 - 6.1.0				None
								7.0.0 	

Recommended action

To eliminate these vulnerabilities, upgrade to a version that is listed in the 
Versions known to be not vulnerable column in the previous table.

For Enterprise Manager, if you are unable to upgrade to 3.1.0, you can mitigate 
the remote vulnerability by configuring the Statistics Data Location option to
use the local database. To do so, perform the following procedure:

Impact of action: The Enterprise Manager system will no longer store health and 
performance monitoring statistics on an external database.

    Log in to the Configuration utility.
    Click Statistics.
    Click Managed Devices.
    Click Options.
    Click Data Storage.
    Change the Statistics Data Location option to Local.
    Click Save Changes.

Supplemental Information

    SOL11317: Connectivity requirements for the Enterprise Manager system
    SOL9970: Subscribing to email notifications regarding F5 products
    SOL9957: Creating a custom RSS feed to view new and updated documents.
    SOL4602: Overview of the F5 security vulnerability response policy
    SOL4918: Overview of the F5 critical issue hotfix policy
    SOL167: Downloading software and firmware from F5
    SOL13123: Managing BIG-IP product hotfixes (11.x)
    SOL9502: BIG-IP hotfix matrix

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBUZMNce4yVqjM2NGpAQIY9Q//eFXMnH4cORF73p5lWloYMrUkP+I5tI3h
0XQKkTuxy3HjirxL6ayglz4sN4Pw4NwdhZRsck0zpdkvcHxbxc+dSjPv8IFj/HLO
zfZPUXz63Zc1/XiSx8s4uq4G7N123f2L65JuXfvWapn5UiRF8rluIRAIoHPijd7P
+TE4mRGpo64kjqkYh7Kj/x/56ECn9iSlAL4IYo4buTQNpBbAWNFM0nljyPfegFN4
p8yHupVMBuk3Iuj5j5h0meRjciFL4a/ZodEI6PHEyLQKhnsDacz6rPEs7Uzi3Smn
ht8ZC50rFkvfp/aIA6fuAllALT0GcqKA7svU14WG9JTDfFBhgDK0r487Patp+Dj6
bXdEfntLa3ZIuq4/BWM23U+vZUTUi4tA5LIQ1QEV27GFnZRnZiFiro9MTbNTwz5o
r8GBBlMrhgJxpJj1fqIGMMvjIzQUkAAsczK0K6QCLtfFHxhdV0MINsRc2s7gsUMT
Nbx2ceBON0SxPm3uRPjMOypk8b8P8qZLnTE03wTC7NePbGeW9pG3L5QSBAFgndkb
12ptdp1HzFhrpTUgC8OnUQQRhGy2zIZVEvF2Qd6f4qXGC/Pl6Rbu3UJFcOHjTERg
ijfZS5vAU5Ay9oFrzTUtLkhD1nI1appTTRLGE4WDM2LcbCvzI3HN1UYfLccmyGGk
JFi7qM4XYuU=
=+8Da
-----END PGP SIGNATURE-----