Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2013.1476 sol13233: TMM vulnerability CVE-2013-6016 Security Advisory 17 October 2013 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: BIG-IP LTM BIG-IP Analytics BIG-IP APM BIG-IP ASM BIG-IP Edge Gateway BIG-IP GTM BIG-IP Link Controller BIG-IP PSM BIG-IP WebAccelerator BIG-IP WOM Publisher: F5 Operating System: Network Appliance Impact/Access: Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2013-6016 Original Bulletin: http://support.f5.com/kb/en-us/solutions/public/13000/200/sol13233.html - --------------------------BEGIN INCLUDED TEXT-------------------- sol13233: TMM vulnerability CVE-2013-6016 Security Advisory Original Publication Date: 12/12/2011 Updated Date: 10/16/2013 Description The BIG-IP system may incorrectly transition a TCP connection to an ESTABLISHED state prior to receiving the appropriate ACK packet for the connection. As a result of this issue, you may encounter the following symptoms: The BIG-IP system sends a SIGFPE signal to the Traffic Management Microkernel (TMM), resulting in a stack trace and core file. The BIG-IP system generates an assertion failure panic string in the /var/log/tmm file that appears similar to the following example: notice panic: Request for segment from middle of queue Impact TMM may restart and temporarily fail to process traffic. Status F5 Product Development has assigned ID 363504 (BIG-IP) to this vulnerability. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table: Product Versions known to Versions known to be Vulnerable be vulnerable not vulnerable component or feature BIG-IP LTM 11.0.0 11.1.0 - 11.4.1 TMM 10.0.0 - 10.2.2 10.2.3 - 10.2.4 11.0.0 HF1 and later 10.2.2 HF3 and later BIG-IP AAM None 11.4.0 - 11.4.1 None BIG-IP AFM None 11.3.0 - 11.4.1 None BIG-IP 11.0.0 11.1.0 - 11.4.1 TMM Analytics 11.0.0 HF1 and later BIG-IP APM 11.0.0 11.1.0 - 11.4.1 TMM 10.1.0 - 10.2.2 10.2.3 - 10.2.4 11.0.0 HF1 and later 10.2.2 HF3 and later BIG-IP ASM 11.0.0 11.1.0 - 11.4.1 TMM 10.0.0 - 10.2.2 10.2.3 - 10.2.4 11.0.0 HF1 and later 10.2.2 HF3 and later BIG-IP 11.0.0 11.1.0 - 11.3.0 TMM Edge Gateway 10.1.0 - 10.2.2 10.2.3 - 10.2.4 11.0.0 HF1 and later 10.2.2 HF3 and later BIG-IP GTM 11.0.0 11.1.0 - 11.4.1 TMM 10.0.0 - 10.2.2 10.2.3 - 10.2.4 11.0.0 HF1 and later 10.2.2 HF3 and later BIG-IP 11.0.0 11.1.0 - 11.4.1 TMM Link Controller 10.0.0 - 10.2.2 10.2.3 - 10.2.4 11.0.0 HF1 and later 10.2.2 HF3 and later BIG-IP PEM None 11.3.0 - 11.4.1 None BIG-IP PSM 11.0.0 - 11.4.1 11.1.0 - 11.4.1 TMM 10.0.0 - 10.2.4 10.2.3 - 10.2.4 9.4.5 - 9.4.8 11.0.0 HF1 and later None 10.2.2 HF3 and later BIG-IP 11.0.0 - 11.3.0 11.1.0 - 11.4.1 TMM WebAccelerator 10.0.0 - 10.2.4 10.2.3 - 10.2.4 9.4.0 - 9.4.8 11.0.0 HF1 and later None 10.2.2 HF3 and later BIG-IP WOM 11.0.0 11.1.0 - 11.4.1 TMM 10.0.0 - 10.2.2 10.2.3 - 10.2.4 None 11.0.0 HF1 and later 10.2.2 HF3 and later ARX None 6.0.0 - 6.4.0 None 5.0.0 - 5.3.1 Enterprise None 3.0.0 - 3.1.1 None Manager 2.0.0 - 2.3.0 FirePass None 7.0.0 None 6.0.0 - 6.1.0 BIG-IQ Cloud None 4.0.0 - 4.1.0 None BIG-IQ Security None 4.0.0 - 4.1.0 None Recommended action To eliminate this vulnerability, upgrade to a version that is listed in the Versions known to be not vulnerable column in the previous table. Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue hotfix policy SOL167: Downloading software and firmware from F5 SOL13123: Managing BIG-IP product hotfixes (11.x) SOL10025: Managing BIG-IP product hotfixes (10.x) SOL9502: BIG-IP hotfix matrix - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBUl916xLndAQH1ShLAQL97A//VmEiuYmf9X1Z9qc7ikLMYxvDboHZtXj1 pCM6rN3N8l/cqmrNPeB5BuJgTZ7tbFSCO7mx9YSCvACmU90hDd93szACzm+HpjgI 883NNOV3YhS0GxdJLm0S9qU4ByJ+ir1c27F5FTfJqo6PjlP5S2mr3UFNR+4RzDvL /RbeWL5NyxfBZVGlG9cdBD7gDrWsrUYvOXWLODJsLTr8U8trXK6KNDz07aA36uUs q+XWk5QZf6Y8QY6YW/m01nwLg5PHFCa4eIgc8O1K0hGtJS2NuOBj9e/quF6HBpOJ wxc+ZD8YHEg4Oth5oOt2MOvidg75AAhvldt8I918mmMX3zo7XSXr8ACMv9yt158/ v5uEYg7c09PW/6DWMaRWiAp8LXtbNL/Fw2GmuYFMfMsmDuVYtYocni6S7L27ZJWR roHOPcG0Vk5o22ypNjL9FcZmo4SkAL5vcfUrXIQHFS/Mq4GWowIbPCsZUJDRXwZj KXGMvQPQx+EAFXqc+4CwTtBMgcidgEml+Y/DixJRrjDgRhmC2jJ/ge8EcnMzo4+K NQ4BL1l+9SC25vcdIxFeVRM6QzxDeFgAaikdQsrC5hPSOxu/KqZ9spK8dmeO6G30 GefUcWPOAjP9vfJoWLzBB8GXSWXumcLXSOMfWJR+t3lakCL9fuSPxo0/pypQSqO1 JXwh9x5XMcU= =1Rhi -----END PGP SIGNATURE-----