Operating System:

[Appliance]

Published:

09 September 2015

Protect yourself against future threats.

//Service

Phishing Take-Down

Drawing on our strong international CERT relationships we have a high success rate in delivering phishing take-downs.

Read more
Resources > Security Bulletins > ESB-2015.2366 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2015.2366
              gsol17238: Node.js vulnerability CVE-2015-5380
                             9 September 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           F5 products
Publisher:         F5 Networks
Operating System:  Network Appliance
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-5380  

Original Bulletin: 
   https://support.f5.com/kb/en-us/solutions/public/17000/200/sol17238.html

- --------------------------BEGIN INCLUDED TEXT--------------------

gsol17238: Node.js vulnerability CVE-2015-5380 Security Advisory

Original Publication Date: 09/08/2015

Description

The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in
Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x
before 2.3.3, and other products, does not verify that there is memory
available for a UTF-16 surrogate pair, which allows remote attackers to
cause a denial of service (memory corruption) or possibly have unspecified
other impact via a crafted byte sequence. (CVE-2015-5380)

Impact

    For the f5-rest-node package on both the BIG-IP and BIG-IQ systems: A
    locally authenticated attacker with access to the command line may be
    able to cause a partial denial-of-service (DoS) to the system through
    exploitation of this issue.
    For the BIG-IQ UI node package: A remote attacker may be able to cause a
    denial of service (DoS) to the system through exploitation of this issue.

Status

F5 Product Development has assigned ID 534090 and ID 534358 (BIG-IP),
ID 537658 (BIG-IQ), and LRS-59013 (LineRate) to this vulnerability, and
has evaluated the currently supported releases for potential vulnerability.

To determine if your release is known to be vulnerable, the components
or features that are affected by the vulnerability, and for information
about releases or hotfixes that address the vulnerability, refer to the
following table:

Product 	Versions known to be vulnerable 	Versions known to be not vulnerable 	Severity 	Vulnerable component or feature

BIG-IP LTM 	12.0.0					11.0.0 - 11.5.0				Low 		f5-rest-node package
		11.5.0 - 11.6.0				10.1.0 - 10.2.4

BIG-IP AAM 	12.0.0					11.4.0 - 11.4.1				Low 		f5-rest-node package
		11.5.0 - 11.6.0

BIG-IP AFM 	12.0.0					11.3.0 - 11.4.1				Low 		f5-rest-node package
		11.5.0 - 11.6.0

BIG-IP 		12.0.0					11.0.0 - 11.4.1				Low	 	f5-rest-node package
Analytics	11.5.0 - 11.6.0

BIG-IP APM 	12.0.0					11.0.0 - 11.4.1				Low	 	f5-rest-node package
		11.5.0 - 11.6.0				10.1.0 - 10.2.4

BIG-IP ASM 	12.0.0					11.0.0 - 11.4.1				Low	 	f5-rest-node package
		11.5.0 - 11.6.0				10.1.0 - 10.2.4

BIG-IP DNS 	12.0.0 					None			 		Low 		f5-rest-node package

BIG-IP Edge 	None					11.0.0 - 11.3.0				Not vulnerable	None
Gateway							10.1.0 - 10.2.4

BIG-IP GTM 	11.5.0 - 11.6.0				10.1.0 - 10.2.4				Low 		f5-rest-node package
		11.0.0 - 11.4.1
	
BIG-IP Link  	12.0.0					11.0.0 - 11.4.1				Low 		f5-rest-node package
Controller	11.5.0 - 11.6.0				10.1.0 - 10.2.4

BIG-IP PEM 	11.5.0 - 11.6.0				11.3.0 - 11.4.1				Low	 	f5-rest-node package
		
BIG-IP PSM 	None					11.0.0 - 11.4.1				Not vulnerable 	None
							10.1.0 - 10.2.4

BIG-IP 		None					11.0.0 - 11.3.0				Not vulnerable 	None
WebAccelerator 						10.1.0 - 10.2.4

BIG-IP WOM 	None					11.0.0 - 11.3.0				Not vulnerable 	None
							10.1.0 - 10.2.4

ARX	 	None					6.0.0 - 6.4.0				Not vulnerable 	None

Enterprise  	None					3.0.0 - 3.1.1				Not vulnerable 	None
Manager

FirePass 	None					7.0.0					Not vulnerable 	None
							6.0.0 - 6.1.0

BIG-IQ Cloud 	4.0.0 - 4.5.0				None					High 		BIG-IQ UI node package
														f5-rest-node package

BIG-IQ Device 	4.2.0 - 4.5.0				None					High 		BIG-IQ UI node package
														f5-rest-node package

BIG-IQ Security 4.0.0 - 4.5.0				None					High 		BIG-IQ UI node package	
														f5-rest-node package

BIG-IQ ADC 	4.5.0					None					High 		BIG-IQ UI node package
														f5-rest-node package

LineRate 	2.5.0 - 2.6.1				None					Medium 		v8, node.js, io.js

F5 WebSafe 	None					1.0.0					Not vulnerable 	None

Traffix SDC 	None					4.0.0 - 4.4.0				Not vulnerable 	None
							3.3.2 - 3.5.1

Note: As of February 17, 2015, AskF5 Security Advisory articles include
the Severity value. Security Advisory articles published before this date
do not list a Severity value.

Recommended Action

If the previous table lists a version in the Versions known to be not
vulnerable column, you can eliminate this vulnerability by upgrading to
the listed version. If the listed version is older than the version you
are currently running, or if the table does not list any version in the
column, then no upgrade candidate currently exists.

F5 responds to vulnerabilities in accordance with the Severity values
published in the previous table. The Severity values and other security
vulnerability parameters are defined in SOL4602: Overview of the F5 security
vulnerability response policy.

There is no mitigation for this vulnerability. However, F5 recommends that
you permit management access to affected F5 products only over a secure
network, and limit shell access to trusted users. For more information about
securing access to BIG-IP systems, refer to SOL13309: Restricting access
to the Configuration utility by source IP address (11.x) and SOL13092:
Overview of securing access to the BIG-IP system.

Supplemental Information

    SOL9970: Subscribing to email notifications regarding F5 products
    SOL9957: Creating a custom RSS feed to view new and updated documents
    SOL4918: Overview of the F5 critical issue hotfix policy
    SOL167: Downloading software and firmware from F5

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBVe/AuX6ZAP0PgtI9AQKCDA/+PJtMKZ3S8EV5K8pSiJW6iDkINFov3cMX
elomtfSV9EEh5IZIXzoR/spJ8VA8VulMTUKhycwuNCyo+/TpyB1TUupo6InPt/ht
PnWNQmxmNBSBSxFZDo8JmKDACpmrzv6vQsBEX4ASgcp3+7yx5Fd5HELttLfZ7x9N
gJBTBUr6pkpaPCW1F4eH1qIDuuS3VLafWghLszDd3IZmfw/FFCOArq4oDGVB1ZhA
uHGzW90qmEVy3+QeYLmvl7yKPsmmxh9kIL7rkeXbuhBqpgpL4+Z958KD0ZrK1jhM
jNzSjs8CRpKASqhqD/IntXIBTm2BInYt/UAfBbPGCDAkrz13gKXLJRwKeFC/T3F7
W6kfR3TRvU1DF63WJbTFaVl97bZFrMJWHJixaHFKILwrPcQt6bkxYUR2+Yifdoza
4FMW1g67VqQoEafG5acfU1ho8a40tnZP5dQVC4rOPVWK/VjhhhtHjWNPY6mSW2Mz
RZCVoVbmksIFBesDpZW4+J+BCgQl95kuIk0/nSMnvaglx6JEYXRDX/hxMmCwWDrV
Ny5xFSN0XMAcbfj77EF4MfHE01xXdvW7KZQHkTB7NHfSB41uuAC1JaMMvEen2oaW
ZQynw7L1OVe+1BIspXkKL0ksa3rssUiAapcbQN8USRTWq7lt4omq8mOlKOcB3efs
LuMALK7ngt0=
=2XvR
-----END PGP SIGNATURE-----