Operating System:

[Appliance]

Published:

13 February 2015

Protect yourself against future threats.

//Service

Member Security Incident Notifications

Be proactive with your security and receive our daily Member Security Incident Notifications (MSINs) custom to your network.

Read more
Resources > Security Bulletins > ESB-2015.0367 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2015.0367
            sol16122: Linux kernel vulnerability CVE-2014-9322
                             13 February 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           F5 products
Publisher:         F5 Networks
Operating System:  Network Appliance
Impact/Access:     Root Compromise -- Existing Account
Resolution:        Mitigation
CVE Names:         CVE-2014-9322  

Reference:         ESB-2015.0019
                   ESB-2014.2496
                   ESB-2014.2454
                   ESB-2014.2443
                   ESB-2014.2412.2

Original Bulletin: 
   https://support.f5.com/kb/en-us/solutions/public/16000/100/sol16122.html?ref=rss

- --------------------------BEGIN INCLUDED TEXT--------------------

sol16122: Linux kernel vulnerability CVE-2014-9322

Security Advisory

Original Publication Date: 02/12/2015

Description

arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly
handle faults associated with the Stack Segment (SS) segment register, which 
allows local users to gain privileges by triggering an IRET instruction that 
leads to access to a GS Base address from the wrong space. (CVE-2014-9322)

Impact

A malicious local user could escalate their privileges.

Status

F5 Product Development has assigned ID 496969 (BIG-IP), ID 503053 (BIG-IQ), 
and ID 503054 (Enterprise Manager) to this vulnerability, and has evaluated 
the currently supported releases for potential vulnerability.

To determine if your release is known to be vulnerable, the components or 
features that are affected by the vulnerability, and for information about 
releases or hotfixes that address the vulnerability, refer to the following 
table:

Product 	Versions known to be vulnerable 	Versions known to be not vulnerable 	Vulnerable component or feature

BIG-IP LTM 	11.0.0 - 11.6.0 
		10.1.0 - 10.2.4 			None 					Linux kernel

BIG-IP AAM 	11.4.0 - 11.6.0 			None 					Linux kernel

BIG-IP AFM 	11.3.0 - 11.6.0 			None 					Linux kernel

BIG-IP 
Analytics 	11.0.0 - 11.6.0 			None 					Linux kernel

BIG-IP APM 	11.0.0 - 11.6.0 
		10.1.0 - 10.2.4 			None 					Linux kernel

BIG-IP ASM 	11.0.0 - 11.6.0 
		10.1.0 - 10.2.4 			None 					Linux kernel

BIG-IP Edge 
Gateway 	11.0.0 - 11.3.0 
		10.1.0 - 10.2.4 			None 					Linux kernel

BIG-IP GTM 	11.0.0 - 11.6.0 
		10.1.0 - 10.2.4 			None 					Linux kernel

BIG-IP Link 
Controller 	11.0.0 - 11.6.0 
		10.1.0 - 10.2.4 			None 					Linux kernel

BIG-IP PEM 	11.3.0 - 11.6.0 			None 					Linux kernel

BIG-IP PSM 	11.0.0 - 11.4.1 
		10.1.0 - 10.2.4 			None 					Linux kernel

BIG-IP 
WebAccelerator 	11.0.0 - 11.3.0 
		10.1.0 - 10.2.4 			None 					Linux kernel

BIG-IP WOM 	11.0.0 - 11.3.0 
		10.1.0 - 10.2.4 			None 					Linux kernel

Enterprise 
Manager 	3.0.0 - 3.1.1 
		2.1.0 - 2.3.0 				None 					Linux kernel

BIG-IQ Cloud 	4.0.0 - 4.5.0 				None 					Linux kernel

BIG-IQ Device 	4.2.0 - 4.5.0 				None 					Linux kernel

BIG-IQ Security 4.0.0 - 4.5.0 				None 					Linux kernel

BIG-IQ ADC 	4.5.0 					None 					Linux kernel

Recommended Action

If the previous table lists a version in the Versions known to be not 
vulnerable column, you can eliminate this vulnerability by upgrading to the 
listed version. If the listed version is older than the version you are 
currently running, or if the table does not list any version in the column, 
then no upgrade candidate currently exists.

F5 is responding to this vulnerability as determined by the parameters defined
in SOL4602: Overview of the F5 security vulnerability response policy.

To mitigate this vulnerability, you should only permit management access to F5
products over a secure network and limit shell access to trusted users.

Supplemental Information

    SOL9970: Subscribing to email notifications regarding F5 products SOL9957:
Creating a custom RSS feed to view new and updated documents SOL4918: Overview
of the F5 critical issue hotfix policy SOL167: Downloading software and 
firmware from F5

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBVN1eMBLndAQH1ShLAQKfzRAAlEIvIqNCoLL1vcuj4lEP3uOeu3LBpSdb
v2H5uhmwvgJngtk4ZXso4bDE1/c8EqVp/q2cu81X0Ri8Aqk7tbfTjtqfK50ZNs9o
LyJcjuRN5HF/Rng7rb0CTT3GcF5zXiLXpq9MurBlz+ZvKE8KQxS1ED3jUkE5O9Ol
n0sGLU7ktAYPf8wr3wE6Rrk9LrckgwubUi1vC65OAN+gyaf+r6xhyMm+PgBNbsD3
9Uj98rZO2hlI3eIt8Ap2+8psmn243IxOXWB/v/cCD1HSntkNbPuZEG2JCTMfTkYj
KtU4GweBCUKaQMADvw4Q4ctpjCIvjgst/6otu+jSwm0WAbOWHkTfREiaBIwqTdnd
fEQCZmptkWQB2x98BfgxbGz6sjrD+2mntu9HCYTMoQf2bANDLmuhItQGpSYMOGWR
lHr+ToZgOJlOe8nKm4wXLMN8q7CdCaAsURpfkkIvgC4TKdXMLJIsIcVVoJi+K9YK
f0l0NQ1JTapvk2zUFkR0oGQ1jhlAmw2UHOBMnUfpDxWYVbOvS8I2QmNnk4CV7yRo
nRaNVrgCNjdyiXbE6H9DfxzizZFR81dbJAskkYT4LTTMVdTPZVxC1REvZIStD2xL
nVtWmJKWS2DkgJmrU+xIy30Y9uwLpOrSdGikXK7zj+n0MsFf7ASych2s7CqfODkv
LfHhGTzJ3ZU=
=DHJ1
-----END PGP SIGNATURE-----