| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of F5 BIG-IP TMOS
OpenSSH: NULL pointer dereference via a NEWKEYS message
Synthesis of the vulnerability
An attacker can force a NULL pointer to be dereferenced in OpenSSH via an out of order NEWKEYS message, in order to trigger a denial of service.
Impacted products: Debian, BIG-IP Hardware, TMOS, Data ONTAP, OpenSSH, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Creation date: 22/01/2018.
Identifiers: CVE-2016-10708, DLA-1257-1, DLA-1500-1, DLA-1500-2, K32485746, NTAP-20180423-0003, openSUSE-SU-2018:2128-1, SUSE-SU-2018:1989-1, SUSE-SU-2018:2275-1, SUSE-SU-2018:2530-1, SUSE-SU-2018:2685-1, VIGILANCE-VUL-25131.
Description of the vulnerability
An attacker can force a NULL pointer to be dereferenced in OpenSSH via an out of order NEWKEYS message, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial) |
F5 BIG-IP: Man-in-the-Middle via a wrong X.509 validation
Synthesis of the vulnerability
An attacker can act as a Man-in-the-Middle againt F5 BIG-IP, in order to read or write data in the session.
Impacted products: BIG-IP Hardware, TMOS.
Severity: 2/4.
Creation date: 19/01/2018.
Identifiers: CERTFR-2018-AVI-045, CVE-2017-6142, K20682450, VIGILANCE-VUL-25125.
Description of the vulnerability
The F5 BIG-IP product uses the TLS/IPsec protocol, in order to create secure sessions.
However, the X.509 certificate and the service identity are not correctly checked.
An attacker can therefore act as a Man-in-the-Middle againt F5 BIG-IP, in order to read or write data in the session.
Complete Vigil@nce bulletin.... (Free trial) |
F5 BIG-IP AFM: SQL injection via Configuration Utility
Synthesis of the vulnerability
An attacker can use a SQL injection via Configuration Utility of F5 BIG-IP AFM, in order to read or alter data.
Impacted products: BIG-IP Hardware, TMOS.
Severity: 2/4.
Creation date: 20/12/2017.
Identifiers: CVE-2017-0304, K39428424, VIGILANCE-VUL-24831.
Description of the vulnerability
The F5 BIG-IP AFM product uses a database.
However, user's data are directly inserted in a SQL query.
An attacker can therefore use a SQL injection via Configuration Utility of F5 BIG-IP AFM, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial) |
F5 BIG-IP PEM: Man-in-the-Middle via TAC Database
Synthesis of the vulnerability
An attacker can act as a Man-in-the-Middle via TAC Database on F5 BIG-IP PEM, in order to read or write data in the session.
Impacted products: BIG-IP Hardware, TMOS.
Severity: 2/4.
Creation date: 17/07/2017.
Identifiers: CVE-2017-6144, K81601350, VIGILANCE-VUL-23269.
Description of the vulnerability
The F5 BIG-IP PEM product uses the TLS protocol, in order to create secure sessions.
However, the X.509 certificate and the service identity are not correctly checked.
An attacker can therefore act as a Man-in-the-Middle via TAC Database on F5 BIG-IP PEM, in order to read or write data in the session.
Complete Vigil@nce bulletin.... (Free trial) |
ISC BIND: two vulnerabilities via TSIG Authentication
Synthesis of the vulnerability
An attacker can use several vulnerabilities via TSIG Authentication of ISC BIND.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, HP-UX, AIX, BIND, Junos OS, SRX-Series, NetBSD, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 30/06/2017.
Revision date: 07/07/2017.
Identifiers: AA-01503, AA-01504, bulletinjan2018, CERTFR-2017-AVI-199, CVE-2017-3142, CVE-2017-3143, DLA-1025-1, DLA-1025-2, DSA-3904-1, DSA-3904-2, FEDORA-2017-001f135337, FEDORA-2017-167cfa7b09, FEDORA-2017-59127a606c, FEDORA-2017-d04f7ddd73, HPESBUX03772, JSA10875, K02230327, K59448931, openSUSE-SU-2017:1809-1, RHSA-2017:1679-01, RHSA-2017:1680-01, SSA:2017-180-02, SUSE-SU-2017:1736-1, SUSE-SU-2017:1737-1, SUSE-SU-2017:1738-1, USN-3346-1, USN-3346-2, USN-3346-3, VIGILANCE-VUL-23107.
Description of the vulnerability
Several vulnerabilities were announced in ISC BIND.
An attacker can use a Zone Transfer, in order to obtain sensitive information. [severity:2/4; AA-01504, CVE-2017-3142]
An attacker can use a Dynamic Update, in order to alter a zone. [severity:3/4; AA-01503, CERTFR-2017-AVI-199, CVE-2017-3143]
Complete Vigil@nce bulletin.... (Free trial) |
BIG-IP APM: Cross Site Scripting via Access Reports
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting via Access Reports of BIG-IP APM, in order to run JavaScript code in the context of the web site.
Impacted products: BIG-IP Hardware, TMOS.
Severity: 2/4.
Creation date: 09/05/2017.
Identifiers: CVE-2016-9257, K43523962, VIGILANCE-VUL-22667.
Description of the vulnerability
The BIG-IP APM product offers a web service.
However, it does not filter received data via Access Reports before inserting them in generated HTML documents.
An attacker can therefore trigger a Cross Site Scripting via Access Reports of BIG-IP APM, in order to run JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial) |
NTP.org: multiple vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of NTP.org.
Impacted products: Mac OS X, Blue Coat CAS, BIG-IP Hardware, TMOS, Fedora, FreeBSD, AIX, McAfee Web Gateway, Meinberg NTP Server, NetBSD, NTP.org, Solaris, Palo Alto Firewall PA***, PAN-OS, pfSense, RHEL, Slackware, Spectracom SecureSync, Symantec Content Analysis, Synology DSM, Synology DS***, Synology RS***, Ubuntu, VxWorks.
Severity: 2/4.
Creation date: 22/03/2017.
Revision date: 30/03/2017.
Identifiers: APPLE-SA-2017-09-25-1, bulletinapr2017, CVE-2016-9042, CVE-2017-6451, CVE-2017-6452, CVE-2017-6455, CVE-2017-6458, CVE-2017-6459, CVE-2017-6460, CVE-2017-6462, CVE-2017-6463, CVE-2017-6464, FEDORA-2017-5ebac1c112, FEDORA-2017-72323a442f, FreeBSD-SA-17:03.ntp, HT208144, K02951273, K07082049, K32262483, K-511308, K99254031, NTP-01-002, NTP-01-003, NTP-01-004, NTP-01-007, NTP-01-008, NTP-01-009, NTP-01-012, NTP-01-014, NTP-01-016, PAN-SA-2017-0022, RHSA-2017:3071-01, RHSA-2018:0855-01, SA147, SB10201, SSA:2017-112-02, TALOS-2016-0260, USN-3349-1, VIGILANCE-VUL-22217, VU#633847.
Description of the vulnerability
Several vulnerabilities were announced in NTP.org.
An attacker can tamper with packet timestamp, in order to make target trafic dropped. [severity:2/4; CVE-2016-9042]
An attacker can generate a buffer overflow via ntpq, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2017-6460, NTP-01-002]
An attacker can generate a buffer overflow via mx4200_send(), in order to trigger a denial of service, and possibly to run code. [severity:1/4; CVE-2017-6451, NTP-01-003]
An attacker can generate a buffer overflow via ctl_put(), in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2017-6458, NTP-01-004]
An attacker can generate a buffer overflow via addKeysToRegistry(), in order to trigger a denial of service, and possibly to run code. [severity:1/4; CVE-2017-6459, NTP-01-007]
An attacker can generate a buffer overflow in the MS-Windows installer, in order to trigger a denial of service, and possibly to run code. [severity:1/4; CVE-2017-6452, NTP-01-008]
An attacker can define the PPSAPI_DLLS environment variable, in order to make the server run a library with hight privileges. [severity:2/4; CVE-2017-6455, NTP-01-009]
An authenticated attacker can submit an invalid configuration directive, to trigger a denial of service. [severity:2/4; CVE-2017-6463, NTP-01-012]
A privileged attacker can generate a buffer overflow via datum_pts_receive(), in order to trigger a denial of service, and possibly to run code. [severity:1/4; CVE-2017-6462, NTP-01-014]
An authenticated attacker can submit an invalid configuration directive "mode", to trigger a denial of service. [severity:2/4; CVE-2017-6464, NTP-01-016]
Complete Vigil@nce bulletin.... (Free trial) |
Linux kernel: denial of service via the module drm/vmwgfx
Synthesis of the vulnerability
A local attacker can use an ioctl system call to the video device driver vmwgfx of the Linux kernel, in order to make the kernel panic.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 27/03/2017.
Identifiers: 1435719, CERTFR-2017-AVI-141, CERTFR-2017-AVI-158, CERTFR-2017-AVI-162, CERTFR-2017-AVI-275, CERTFR-2017-AVI-282, CERTFR-2017-AVI-311, CVE-2017-7261, DLA-922-1, FEDORA-2017-02174df32f, FEDORA-2017-93dec9eba5, K63771715, openSUSE-SU-2017:1140-1, openSUSE-SU-2017:1215-1, SUSE-SU-2017:1183-1, SUSE-SU-2017:1247-1, SUSE-SU-2017:1301-1, SUSE-SU-2017:1360-1, SUSE-SU-2017:1990-1, SUSE-SU-2017:2342-1, SUSE-SU-2017:2525-1, USN-3291-1, USN-3291-2, USN-3291-3, USN-3293-1, USN-3361-1, USN-3406-1, USN-3406-2, VIGILANCE-VUL-22260.
Description of the vulnerability
The Linux kernel includes a video driver vmwgfx for guests systems running under VMware ESX.
This driver defines a device "/dev/dri/renderD128" which accepts ioctl system calls. However, the routine vmw_surface_define_ioctl() that implements ioctl calls does not rightly check its argument "num_sizes". A null value leads to a bad memory allocation, then to an invalid pointer dereference and a fatal exception. See also VIGILANCE-VUL-22282 et VIGILANCE-VUL-22298.
A local attacker can therefore use an ioctl system call to the video device driver vmwgfx of the Linux kernel, in order to make the kernel panic.
Complete Vigil@nce bulletin.... (Free trial) |
F5 BIG-IP: information disclosure via TLS
Synthesis of the vulnerability
A local attacker can read a memory fragment via the TLS signaling of F5 BIG-IP, in order to get sensitive information.
Impacted products: BIG-IP Hardware, TMOS.
Severity: 2/4.
Creation date: 10/02/2017.
Identifiers: CVE-2016-9244, K05121675, VIGILANCE-VUL-21800.
Description of the vulnerability
The F5 BIG-IP product includes a TLS client.
However, when the TLS option "Session Tickets" does not have the vendor defined default value, the content of an uninitialized memory area of length at most 31 bytes, is returned to the client.
A local attacker can therefore read a memory fragment via the TLS signaling of F5 BIG-IP, in order to get sensitive information.
Complete Vigil@nce bulletin.... (Free trial) |
ISC BIND: assertion error via the combination DNS64+RPZ
Synthesis of the vulnerability
An attacker can force an assertion failure when functions DNS64 and RPZ of ISC BIND are both enabled, in order to trigger a denial of service.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, HP-UX, BIND, Juniper J-Series, Junos OS, SRX-Series, Data ONTAP, openSUSE Leap, Solaris, RHEL, Slackware, Ubuntu.
Severity: 2/4.
Creation date: 09/02/2017.
Identifiers: bulletinjul2018, CVE-2017-3135, DLA-843-1, DSA-3795-1, FEDORA-2017-27099c270a, FEDORA-2017-2b46c8b6c2, FEDORA-2017-96b7f4f53e, FEDORA-2017-d0c9bf9508, HPESBUX03747, JSA10799, K80533167, NTAP-20180926-0001, NTAP-20180926-0002, NTAP-20180926-0003, NTAP-20180926-0004, NTAP-20180926-0005, NTAP-20180927-0001, openSUSE-SU-2017:0620-1, RHSA-2017:0276-01, SSA:2017-041-01, USN-3201-1, VIGILANCE-VUL-21790.
Description of the vulnerability
The ISC BIND product is a DNS server.
It can compute responses for IPv6 address queries from data for IPv4 addresses. However, when this function is enabled and that the function "Response Policy Zone" is also enabled, an assertion may be evaluated as false, which stops the process with a SIGABORT signal.
An attacker can therefore force an assertion failure when functions DNS64 and RPZ of ISC BIND are both enabled, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about F5 BIG-IP TMOS:
|