===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2015.0900
        SOL16364: GNU C Library (glibc) vulnerability CVE-2012-3406
                               8 April 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           F5 BIG-IP products
                   F5 Enterprise Manager
Publisher:         F5 Networks
Operating System:  Network Appliance
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Denial of Service               -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2012-3406  

Reference:         ESB-2015.0428
                   ESB-2012.0811
                   ESB-2012.0797
                   ESB-2012.0687
                   ESB-2013.0010.3

Original Bulletin: 
   https://support.f5.com/kb/en-us/solutions/public/16000/300/sol16364.html

- --------------------------BEGIN INCLUDED TEXT--------------------

SOL16364: GNU C Library (glibc) vulnerability CVE-2012-3406

Security Advisory

Original Publication Date: 04/03/2015

Description

The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc)
2.5, 2.12, and probably other versions does not "properly restrict the use of"
the alloca function when allocating the SPECS array, which allows 
context-dependent attackers to bypass the FORTIFY_SOURCE format-string 
protection mechanism and cause a denial of service (crash) or possibly execute
arbitrary code via a crafted format string using positional parameters and a 
large number of format specifiers, a different vulnerability than 
CVE-2012-3404 and CVE-2012-3405. (CVE-2012-3406)

Impact

An attacker with local access and knowledge of how to make the glibc function
trigger an exploit may be able to cause a denial-of-service (DoS) or run 
arbitrary code.

Status

F5 Product Development has assigned ID 391780 (BIG-IP) to this vulnerability,
and has evaluated the currently supported releases for potential 
vulnerability.

To determine if your release is known to be vulnerable, the components or 
features that are affected by the vulnerability, and for information about 
releases or hotfixes that address the vulnerability, refer to the following 
table:

Product                               Versions known to be              Versions known to be          Severity        Vulnerable component
                                      vulnerable                        not vulnerable                                or feature
------------------------------------  --------------------------------  ----------------------------  --------------  --------------------
BIG-IP LTM                            11.0.0 - 11.2.1, 10.1.0 - 10.2.4  11.3.0 - 11.6.0               low             glibc
BIG-IP AAM                            None                              11.4.0 - 11.6.0               Not vulnerable  None
BIG-IP AFM                            None                              11.3.0 - 11.6.0               Not vulnerable  None
BIG-IP Analytics                      11.0.0 - 11.2.1                   11.3.0 - 11.6.0               low             glibc
BIG-IP APM                            11.0.0 - 11.2.1, 10.1.0 - 10.2.4  11.3.0 - 11.6.0               low             glibc
BIG-IP ASM                            11.0.0 - 11.2.1, 10.1.0 - 10.2.4  11.3.0 - 11.6.0               low             glibc
BIG-IP Edge Gateway                   11.0.0 - 11.2.1, 10.1.0 - 10.2.4  11.3.0                        low             glibc
BIG-IP GTM                            11.0.0 - 11.2.1, 10.1.0 - 10.2.4  11.3.0 - 11.6.0               low             glibc
BIG-IP Link Controller                11.0.0 - 11.2.1, 10.1.0 - 10.2.4  11.3.0 - 11.6.0               low             glibc
BIG-IP PEM                            None                              11.3.0 - 11.6.0               Not vulnerable  None
BIG-IP PSM                            11.0.0 - 11.2.1, 10.1.0 - 10.2.4  11.3.0 - 11.4.1               low             glibc
BIG-IP WebAccelerator                 11.0.0 - 11.2.1, 10.1.0 - 10.2.4  11.3.0                        low             glibc
BIG-IP WOM                            11.0.0 - 11.2.1, 10.1.0 - 10.2.4  11.3.0                        low             glibc
ARX                                   None                              6.0.0 - 6.4.0                 Not vulnerable  None
Enterprise Manager                    3.0.0, 2.1.0 - 2.3.0              3.1.0 - 3.1.1                 low             glibc
FirePass                              None                              7.0.0, 6.0.0 - 6.1.0          Not vulnerable  None
BIG-IQ Cloud                          None                              4.0.0 - 4.5.0                 Not vulnerable  None
BIG-IQ Device                         None                              4.2.0 - 4.5.0                 Not vulnerable  None
BIG-IQ Security                       None                              4.0.0 - 4.5.0                 Not vulnerable  None
BIG-IQ ADC                            None                              4.5.0                         Not vulnerable  None
LineRate                              None                              2.5.0, 2.4.0 - 2.4.2          Not vulnerable  None
F5 WebSafe                            None                              1.0.0                         Not vulnerable  None
Traffix SDC                           None                              3.3.2 - 3.5.1, 4.0.0 - 4.1.0  Not vulnerable  None
BIG-IP Edge Clients for Android       None                              2.0.0 - 2.0.6                 Not vulnerable  None
BIG-IP Edge Clients for Apple iOS     None                              2.0.0 - 2.0.4, 1.0.5 - 1.0.6  Not vulnerable  None
BIG-IP Edge Clients for Linux         None                              6035.x - 7110.x               Not vulnerable  None
BIG-IP Edge Clients for MAC OS X      None                              6035.x - 7110.x               Not vulnerable  None
BIG-IP Edge Clients for Windows       None                              6035.x - 7110.x               Not vulnerable  None
BIG-IP Edge Clients Windows Phone 8.1 None                              1.0.0.x                       Not vulnerable  None
BIG-IP Edge Portal for Android        None                              1.0.0 - 1.0.2                 Not vulnerable  None
BIG-IP Edge Portal for Apple iOS      None                              1.0.0 - 1.0.3                 Not vulnerable  None

Note: As of February 17, 2015, AskF5 Security Advisory articles include the 
Severity value. Security Advisory articles published before this date do not 
list a Severity value.

Recommended Action

If the previous table lists a version in the Versions known to be not 
vulnerable column, you can eliminate this vulnerability by upgrading to the 
listed version. If the listed version is older than the version you are 
currently running, or if the table does not list any version in the column, 
then no upgrade candidate currently exists.
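The following is an added example, not part of the F5 advisory, that applies the version ranges from the table above and the upgrade rule in the paragraph above to a running release. It copies the ranges for a subset of products and assumes plain dotted numeric versions such as "11.2.1" (hotfix suffixes are not handled).

```python
# Added example (not F5's code): classify a running release against the
# advisory's table and apply its "upgrade candidate" rule.
# Assumes plain dotted numeric versions; hotfix suffixes are not handled.

def parse_version(text):
    """'11.2.1' -> (11, 2, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

def parse_range(text):
    """'11.0.0 - 11.2.1' -> ((11,0,0), (11,2,1)); a lone '11.3.0' is a one-element range."""
    low, _, high = text.partition(" - ")
    return parse_version(low), parse_version(high or low)

# (versions known to be vulnerable, versions known to be not vulnerable),
# copied from the advisory's table for a subset of products.
TABLE = {
    "BIG-IP LTM":         (["11.0.0 - 11.2.1", "10.1.0 - 10.2.4"], ["11.3.0 - 11.6.0"]),
    "BIG-IP PSM":         (["11.0.0 - 11.2.1", "10.1.0 - 10.2.4"], ["11.3.0 - 11.4.1"]),
    "BIG-IP AFM":         ([], ["11.3.0 - 11.6.0"]),
    "Enterprise Manager": (["3.0.0", "2.1.0 - 2.3.0"], ["3.1.0 - 3.1.1"]),
}

def in_ranges(version, ranges):
    """True if version falls inside any of the listed inclusive ranges."""
    v = parse_version(version)
    return any(low <= v <= high for low, high in map(parse_range, ranges))

def assess(product, version):
    """Return (status, upgrade_candidate). The candidate is the lowest listed
    fixed version newer than the running one, or None when the advisory's
    rule says no upgrade candidate currently exists."""
    vulnerable, fixed = TABLE[product]
    if in_ranges(version, fixed):
        return "not vulnerable", None
    if not in_ranges(version, vulnerable):
        return "not listed", None            # neither column covers this release
    running = parse_version(version)
    newer = sorted(low for low, _ in map(parse_range, fixed) if low > running)
    if not newer:
        return "vulnerable", None            # every fixed release is older: no upgrade path
    return "vulnerable", ".".join(str(n) for n in newer[0])

if __name__ == "__main__":
    for product, version in [("BIG-IP LTM", "10.2.4"), ("BIG-IP PSM", "11.5.0")]:
        print(product, version, assess(product, version))
```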

F5 responds to vulnerabilities in accordance with the Severity values 
published in the previous table. The Severity values and other security 
vulnerability parameters are defined in SOL4602: Overview of the F5 security 
vulnerability response policy.

To mitigate this vulnerability, you should permit access to F5 products only 
over a secure network, and limit login access to trusted users. For additional
information, refer to SOL13092: Overview of securing access to the BIG-IP 
system.

Supplemental Information

SOL9970: Subscribing to email notifications regarding F5 products

SOL9957: Creating a custom RSS feed to view new and updated documents

SOL4918: Overview of the F5 critical issue hotfix policy

SOL167: Downloading software and firmware from F5

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================