Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2015.2239
sol17132: Linux kernel vulnerability CVE-2014-8133
26 August 2015
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: F5 products
Publisher: F5 Networks
Operating System: Network Appliance
Impact/Access: Reduced Security -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2014-8133
Reference: ESB-2015.1935
ESB-2015.0108
Original Bulletin:
https://support.f5.com/kb/en-us/solutions/public/17000/100/sol17132.html
- --------------------------BEGIN INCLUDED TEXT--------------------
sol17132: Linux kernel vulnerability CVE-2014-8133
Security Advisory
Original Publication Date: 08/24/2015
Description
arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in
the Linux kernel through 3.18.1 allows local users to bypass the espfix
protection mechanism, and consequently makes it easier for local users to
bypass the ASLR protection mechanism, via a crafted application that makes
a set_thread_area system call and later reads a 16-bit value. (CVE-2014-8133)
Impact
This vulnerability allows local users to bypass the espfix protection
mechanism, which consequently makes it easier for local users to bypass
the ASLR protection mechanism using a crafted application that makes a
set_thread_area system call and later reads a 16-bit value.
Status
To determine if your release is known to be vulnerable, the components
or features that are affected by the vulnerability, and for information
about releases or hotfixes that address the vulnerability, refer to the
following table:
Product Versions known to Versions known to Severity Vulnerable component
be vulnerable be not vulnerable or feature
BIG-IP LTM 10.1.0 - 10.2.4 11.0.0 - 11.6.0 Low Linux kernel*
BIG-IP AAM None 11.4.0 - 11.6.0 Not vulnerable None
BIG-IP AFM None 11.3.0 - 11.6.0 Not vulnerable None
BIG-IP None 11.0.0 - 11.6.0 Not vulnerable None
Analytics
BIG-IP APM 10.1.0 - 10.2.4 11.0.0 - 11.6.0 Low Linux kernel*
BIG-IP ASM 10.1.0 - 10.2.4 11.0.0 - 11.6.0 Low Linux kernel*
BIG-IP Edge 10.1.0 - 10.2.4 11.0.0 - 11.3.0 Low Linux kernel*
Gateway
BIG-IP GTM 10.1.0 - 10.2.4 11.0.0 - 11.6.0 Low Linux kernel*
BIG-IP Link 10.1.0 - 10.2.4 11.0.0 - 11.6.0 Low Linux kernel*
Controller
BIG-IP PEM None 11.3.0 - 11.6.0 Not vulnerable None
BIG-IP PSM 10.1.0 - 10.2.4 11.0.0 - 11.4.1 Low Linux kernel*
BIG-IP 10.1.0 - 10.2.4 11.0.0 - 11.3.0 Low Linux kernel*
WebAccelerator
BIG-IP WOM 10.1.0 - 10.2.4 11.0.0 - 11.3.0 Low Linux kernel*
ARX None 6.0.0 - 6.4.0 Not vulnerable None
Enterprise None 3.0.0 - 3.1.1 Not vulnerable None
Manager
FirePass None 7.0.0 Not vulnerable None
6.0.0 - 6.1.0
BIG-IQ Cloud None 4.0.0 - 4.5.0 Not vulnerable None
BIG-IQ Device None 4.2.0 - 4.5.0 Not vulnerable None
BIG-IQ Security None 4.0.0 - 4.5.0 Not vulnerable None
BIG-IQ ADC None 4.5.0 Not vulnerable None
LineRate None 2.5.0 - 2.6.1 Not vulnerable None
F5 WebSafe None 1.0.0 Not vulnerable None
Traffix SDC None 4.0.0 - 4.4.0 Not vulnerable None
3.3.2 - 3.5.1
Note: As of February 17, 2015, AskF5 Security Advisory articles include
the Severity value. Security Advisory articles published before this date
do not list a Severity value.
*This vulnerability affects only 32-bit based systems. To determine if
your BIG-IP device is a 32-bit based system, you can type the following
command from the BIG-IP command line:
uname -m
32-bit systems will return i686 or i386 and 64-bit systems will return
x86_64.
Recommended Action
The F5 vulnerability severity has been marked as LOW due to the requirement
that the attacker has local access and exposes partial confidentiality
and/or integrity.
To mitigate this vulnerability for the BIG-IP system, you should permit
management access to F5 products only over a secure network, and limit
shell access to trusted users. For more information, refer to SOL13309:
Restricting access to the Configuration utility by source IP address (11.x)
and SOL13092: Overview of securing access to the BIG-IP system.
Supplemental Information
SOL9970: Subscribing to email notifications regarding F5 products
SOL9957: Creating a custom RSS feed to view new and updated documents
SOL4602: Overview of the F5 security vulnerability response policy
SOL4918: Overview of the F5 critical issue hotfix policy
SOL167: Downloading software and firmware from F5
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVd0eqX6ZAP0PgtI9AQJhoA/+Pl3aXD6V5SP/OA5ELjeSssCeoFkhYFI1
oKeDGGEARA2nEa2DLE8gaGLAIv2zAuHxdN0Sw2la7goeYsus/7AgWBt5nYslhzUu
rXyfm398PTL5urFpgQLIJMt3JjFUdDqc5kNv9pHUh1ByTOWBKcEyn2kctCBWGmyq
fiPjcPTLqH3SDPpud7OteyC1k6e/vCC4J7gYX0UvatJMcvHlR3ZntMeBGGaAIZQ5
2mXQfRr8zueQ68SnF13+W0MV1TprydVPi2H9rZ5J4qjEbPzO7F275m0/UWB0Vuiu
zDr+ShhEdHaaPYwSPTj4fg/+oU0axd1nOVm9PqBSrUaR/mNVZBBQu5/ZfdXl0l6t
fILQBMjHx2+IOjW2xl5sb+G53eb5U262TBeO2/WH0EcpL6SIYtrlReMucAUWDHHY
QT43xIYTng8ySuOV4sIgpQ7pLEv8vzQut89OeTGjux74WYIZuYMexqtms2vN2Q9B
sNPqkpcSONRew0XGtkS2kl/fdpUjA3I0sTWFLZPhGa1Vy2J9QiYkt7zloVHH/3oh
Gza0+FUnzWm6kBJtHXyQyWq/1DWkyAxwBI4MFMxGhnHUShPr/xrsB8Z6GVyGZ0w7
4sb9AYrhRFh6rGHsGkm2OgsuA1giCtkwkHXXU1kaTGR5+ryi3W4dqW7nrmz5sj1V
27AKU2sRnXM=
=4KQE
-----END PGP SIGNATURE-----