The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of F5 BIG-IP TMOS

vulnerability alert CVE-2016-10708

OpenSSH: NULL pointer dereference via a NEWKEYS message

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced in OpenSSH via an out-of-order NEWKEYS message, in order to trigger a denial of service.
Impacted products: Debian, BIG-IP Hardware, TMOS, Data ONTAP, OpenSSH.
Severity: 2/4.
Creation date: 22/01/2018.
Identifiers: CVE-2016-10708, DLA-1257-1, K32485746, NTAP-20180423-0003, VIGILANCE-VUL-25131.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced in OpenSSH via an out-of-order NEWKEYS message, in order to trigger a denial of service.

computer vulnerability CVE-2017-6142

F5 BIG-IP: Man-in-the-Middle via a wrong X.509 validation

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle against F5 BIG-IP, in order to read or write data in the session.
Impacted products: BIG-IP Hardware, TMOS.
Severity: 2/4.
Creation date: 19/01/2018.
Identifiers: CERTFR-2018-AVI-045, CVE-2017-6142, K20682450, VIGILANCE-VUL-25125.

Description of the vulnerability

The F5 BIG-IP product uses the TLS and IPsec protocols, in order to create secure sessions.

However, the X.509 certificate and the service identity are not correctly checked.

An attacker can therefore act as a Man-in-the-Middle against F5 BIG-IP, in order to read or write data in the session.

vulnerability alert CVE-2017-0304

F5 BIG-IP AFM: SQL injection via Configuration Utility

Synthesis of the vulnerability

An attacker can use a SQL injection via Configuration Utility of F5 BIG-IP AFM, in order to read or alter data.
Impacted products: BIG-IP Hardware, TMOS.
Severity: 2/4.
Creation date: 20/12/2017.
Identifiers: CVE-2017-0304, K39428424, VIGILANCE-VUL-24831.

Description of the vulnerability

The F5 BIG-IP AFM product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore use a SQL injection via Configuration Utility of F5 BIG-IP AFM, in order to read or alter data.

computer vulnerability note CVE-2017-6144

F5 BIG-IP PEM: Man-in-the-Middle via TAC Database

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle via TAC Database on F5 BIG-IP PEM, in order to read or write data in the session.
Impacted products: BIG-IP Hardware, TMOS.
Severity: 2/4.
Creation date: 17/07/2017.
Identifiers: CVE-2017-6144, K81601350, VIGILANCE-VUL-23269.

Description of the vulnerability

The F5 BIG-IP PEM product uses the TLS protocol, in order to create secure sessions.

However, the X.509 certificate and the service identity are not correctly checked.

An attacker can therefore act as a Man-in-the-Middle via TAC Database on F5 BIG-IP PEM, in order to read or write data in the session.

computer vulnerability announce CVE-2017-3142 CVE-2017-3143

ISC BIND: two vulnerabilities via TSIG Authentication

Synthesis of the vulnerability

An attacker can use several vulnerabilities via TSIG Authentication of ISC BIND.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, HP-UX, AIX, BIND, NetBSD, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 30/06/2017.
Revision date: 07/07/2017.
Identifiers: AA-01503, AA-01504, bulletinjan2018, CERTFR-2017-AVI-199, CVE-2017-3142, CVE-2017-3143, DLA-1025-1, DLA-1025-2, DSA-3904-1, DSA-3904-2, FEDORA-2017-001f135337, FEDORA-2017-167cfa7b09, FEDORA-2017-59127a606c, FEDORA-2017-d04f7ddd73, HPESBUX03772, K02230327, K59448931, openSUSE-SU-2017:1809-1, RHSA-2017:1679-01, RHSA-2017:1680-01, SSA:2017-180-02, SUSE-SU-2017:1736-1, SUSE-SU-2017:1737-1, SUSE-SU-2017:1738-1, USN-3346-1, USN-3346-2, USN-3346-3, VIGILANCE-VUL-23107.

Description of the vulnerability

Several vulnerabilities were announced in ISC BIND.

An attacker can use a Zone Transfer, in order to obtain sensitive information. [severity:2/4; AA-01504, CVE-2017-3142]

An attacker can use a Dynamic Update, in order to alter a zone. [severity:3/4; AA-01503, CERTFR-2017-AVI-199, CVE-2017-3143]

computer vulnerability announce CVE-2016-9257

BIG-IP APM: Cross Site Scripting via Access Reports

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Access Reports of BIG-IP APM, in order to run JavaScript code in the context of the web site.
Impacted products: BIG-IP Hardware, TMOS.
Severity: 2/4.
Creation date: 09/05/2017.
Identifiers: CVE-2016-9257, K43523962, VIGILANCE-VUL-22667.

Description of the vulnerability

The BIG-IP APM product offers a web service.

However, it does not filter data received via Access Reports before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via Access Reports of BIG-IP APM, in order to run JavaScript code in the context of the web site.

computer vulnerability announce CVE-2016-9042 CVE-2017-6451 CVE-2017-6452

NTP.org: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of NTP.org.
Impacted products: Mac OS X, Blue Coat CAS, BIG-IP Hardware, TMOS, Fedora, FreeBSD, AIX, McAfee Web Gateway, Meinberg NTP Server, NetBSD, NTP.org, Solaris, Palo Alto Firewall PA***, PAN-OS, pfSense, RHEL, Slackware, Spectracom SecureSync, Symantec Content Analysis, Synology DSM, Synology DS***, Synology RS***, Ubuntu, VxWorks.
Severity: 2/4.
Creation date: 22/03/2017.
Revision date: 30/03/2017.
Identifiers: APPLE-SA-2017-09-25-1, bulletinapr2017, CVE-2016-9042, CVE-2017-6451, CVE-2017-6452, CVE-2017-6455, CVE-2017-6458, CVE-2017-6459, CVE-2017-6460, CVE-2017-6462, CVE-2017-6463, CVE-2017-6464, FEDORA-2017-5ebac1c112, FEDORA-2017-72323a442f, FreeBSD-SA-17:03.ntp, HT208144, K02951273, K07082049, K32262483, K-511308, K99254031, NTP-01-002, NTP-01-003, NTP-01-004, NTP-01-007, NTP-01-008, NTP-01-009, NTP-01-012, NTP-01-014, NTP-01-016, PAN-SA-2017-0022, RHSA-2017:3071-01, RHSA-2018:0855-01, SA147, SB10201, SSA:2017-112-02, TALOS-2016-0260, USN-3349-1, VIGILANCE-VUL-22217, VU#633847.

Description of the vulnerability

Several vulnerabilities were announced in NTP.org.

An attacker can tamper with packet timestamps, in order to cause the target's traffic to be dropped. [severity:2/4; CVE-2016-9042]

An attacker can generate a buffer overflow via ntpq, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2017-6460, NTP-01-002]

An attacker can generate a buffer overflow via mx4200_send(), in order to trigger a denial of service, and possibly to run code. [severity:1/4; CVE-2017-6451, NTP-01-003]

An attacker can generate a buffer overflow via ctl_put(), in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2017-6458, NTP-01-004]

An attacker can generate a buffer overflow via addKeysToRegistry(), in order to trigger a denial of service, and possibly to run code. [severity:1/4; CVE-2017-6459, NTP-01-007]

An attacker can generate a buffer overflow in the MS-Windows installer, in order to trigger a denial of service, and possibly to run code. [severity:1/4; CVE-2017-6452, NTP-01-008]

An attacker can define the PPSAPI_DLLS environment variable, in order to make the server load a library with high privileges. [severity:2/4; CVE-2017-6455, NTP-01-009]

An authenticated attacker can submit an invalid configuration directive, to trigger a denial of service. [severity:2/4; CVE-2017-6463, NTP-01-012]

A privileged attacker can generate a buffer overflow via datum_pts_receive(), in order to trigger a denial of service, and possibly to run code. [severity:1/4; CVE-2017-6462, NTP-01-014]

An authenticated attacker can submit an invalid configuration directive "mode", to trigger a denial of service. [severity:2/4; CVE-2017-6464, NTP-01-016]

vulnerability CVE-2017-7261

Linux kernel: denial of service via the module drm/vmwgfx

Synthesis of the vulnerability

A local attacker can use an ioctl system call to the video device driver vmwgfx of the Linux kernel, in order to make the kernel panic.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 27/03/2017.
Identifiers: 1435719, CERTFR-2017-AVI-141, CERTFR-2017-AVI-158, CERTFR-2017-AVI-162, CERTFR-2017-AVI-275, CERTFR-2017-AVI-282, CERTFR-2017-AVI-311, CVE-2017-7261, DLA-922-1, FEDORA-2017-02174df32f, FEDORA-2017-93dec9eba5, K63771715, openSUSE-SU-2017:1140-1, openSUSE-SU-2017:1215-1, SUSE-SU-2017:1183-1, SUSE-SU-2017:1247-1, SUSE-SU-2017:1301-1, SUSE-SU-2017:1360-1, SUSE-SU-2017:1990-1, SUSE-SU-2017:2342-1, SUSE-SU-2017:2525-1, USN-3291-1, USN-3291-2, USN-3291-3, USN-3293-1, USN-3361-1, USN-3406-1, USN-3406-2, VIGILANCE-VUL-22260.

Description of the vulnerability

The Linux kernel includes a video driver, vmwgfx, for guest systems running under VMware ESX.

This driver defines a device "/dev/dri/renderD128" which accepts ioctl system calls. However, the routine vmw_surface_define_ioctl() that implements these ioctl calls does not correctly validate its argument "num_sizes". A value of zero leads to a bad memory allocation, then to an invalid pointer dereference and a fatal exception. See also VIGILANCE-VUL-22282 and VIGILANCE-VUL-22298.

A local attacker can therefore use an ioctl system call to the video device driver vmwgfx of the Linux kernel, in order to make the kernel panic.

vulnerability CVE-2016-9244

F5 BIG-IP: information disclosure via TLS

Synthesis of the vulnerability

A local attacker can read a memory fragment via the TLS signaling of F5 BIG-IP, in order to get sensitive information.
Impacted products: BIG-IP Hardware, TMOS.
Severity: 2/4.
Creation date: 10/02/2017.
Identifiers: CVE-2016-9244, K05121675, VIGILANCE-VUL-21800.

Description of the vulnerability

The F5 BIG-IP product includes a TLS client.

However, when the TLS option "Session Tickets" is set to a value other than the vendor-defined default, the content of an uninitialized memory area of at most 31 bytes is returned to the client.

A local attacker can therefore read a memory fragment via the TLS signaling of F5 BIG-IP, in order to get sensitive information.

vulnerability CVE-2017-3135

ISC BIND: assertion error via the combination DNS64+RPZ

Synthesis of the vulnerability

An attacker can force an assertion failure when functions DNS64 and RPZ of ISC BIND are both enabled, in order to trigger a denial of service.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, HP-UX, BIND, Juniper J-Series, JUNOS, SRX-Series, openSUSE Leap, RHEL, Slackware, Ubuntu.
Severity: 2/4.
Creation date: 09/02/2017.
Identifiers: CVE-2017-3135, DLA-843-1, DSA-3795-1, FEDORA-2017-27099c270a, FEDORA-2017-2b46c8b6c2, FEDORA-2017-96b7f4f53e, FEDORA-2017-d0c9bf9508, HPESBUX03747, JSA10799, K80533167, openSUSE-SU-2017:0620-1, RHSA-2017:0276-01, SSA:2017-041-01, USN-3201-1, VIGILANCE-VUL-21790.

Description of the vulnerability

The ISC BIND product is a DNS server.

It can compute responses for IPv6 address queries from data for IPv4 addresses (DNS64). However, when this function is enabled together with the "Response Policy Zone" (RPZ) function, an assertion may evaluate to false, which stops the process with a SIGABRT signal.

An attacker can therefore force an assertion failure when functions DNS64 and RPZ of ISC BIND are both enabled, in order to trigger a denial of service.