ASB-2012.0007 - [Appliance] BIG-IP LTM: Denial of service - Remote/unauthenticated

Date: 12 January 2012
Original URL: http://www.auscert.org.au/render.html?cid=10415&it=15335
References: ESB-2011.0870.2, ASB-2011.0076.2, ASB-2012.0009
===========================================================================
AUSCERT Security Bulletin
ASB-2012.0007
A denial of service vulnerability has been fixed in BIG-IP
12 January 2012
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: BIG-IP LTM
Operating System: Network Appliance
Impact/Access: Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2011-3192
Member content until: Saturday, February 11 2012
Reference: ASB-2011.0076.2
ESB-2011.0870.2
Comment: Please note that this vulnerability is being actively exploited.
OVERVIEW
A denial of service vulnerability has been fixed in BIG-IP.
IMPACT
The National Vulnerability Database describes CVE-2011-3192 as follows:
"The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through
2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a
denial of service (memory and CPU consumption) via a Range header that
expresses multiple overlapping ranges, as exploited in the wild in
August 2011..." [1]
MITIGATION
The vendor has provided the following information about the fix:
"Byte Range requests sent to the Admin GUI or an APM login page are now
limited to at most 5 byte range sets, to prevent the vulnerability
described in CVE-2011-3192." [2][3]
The fix is included in versions 10.2.3 and 11.1.0. [2][3]
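To make the described fix concrete, the following added example (not F5's or AusCERT's code) shows a defender-side check that parses an HTTP Range header, counts its byte-range sets against the 5-set limit the release notes describe, and flags overlapping ranges of the kind CVE-2011-3192 abuses. The advisory does not say whether an over-limit request is rejected or truncated; rejecting it is an assumption of this example.

```python
import re
from typing import List, Optional, Tuple

# Limit taken from the vendor fix quoted above: at most 5 byte-range sets.
MAX_RANGE_SETS = 5

# One byte-range-spec: "first-last", "first-" or "-suffix" (RFC 2616 s14.35).
_RANGE_SPEC = re.compile(r"^(\d*)-(\d*)$")

ByteRange = Tuple[Optional[int], Optional[int]]


def parse_byte_ranges(header_value: str) -> Optional[List[ByteRange]]:
    """Parse a Range header value such as 'bytes=0-99,200-,-500'.

    Returns a list of (first, last) tuples, None marking an open end, or
    None when the value is not a syntactically valid byte-range set.
    """
    unit, sep, spec = header_value.strip().partition("=")
    if sep != "=" or unit.strip().lower() != "bytes":
        return None
    ranges: List[ByteRange] = []
    for part in spec.split(","):
        m = _RANGE_SPEC.match(part.strip())
        if not m:
            return None
        first, last = m.groups()
        if first == "" and last == "":
            return None  # a bare '-' is not a valid byte-range-spec
        ranges.append((int(first) if first else None, int(last) if last else None))
    return ranges


def has_overlapping_ranges(ranges: List[ByteRange]) -> bool:
    """True if any two fully specified ranges overlap (the CVE-2011-3192 pattern)."""
    closed = sorted((f, l) for f, l in ranges if f is not None and l is not None)
    # After sorting by start, any overlap shows up between neighbours.
    return any(closed[i][1] >= closed[i + 1][0] for i in range(len(closed) - 1))


def range_header_verdict(header_value: str, limit: int = MAX_RANGE_SETS) -> str:
    """Classify a Range header: 'accept' (<= limit sets), 'reject' (more than
    limit sets; assumed behaviour), or 'invalid' (cannot be parsed)."""
    ranges = parse_byte_ranges(header_value)
    if ranges is None:
        return "invalid"
    return "reject" if len(ranges) > limit else "accept"
```

Counting sets rather than inspecting their bounds is what keeps the check cheap: the filter must not itself do unbounded work per request.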
REFERENCES
[1] Vulnerability Summary for CVE-2011-3192
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3192
[2] Release Note: BIG-IP LTM and TMOS version 10.2.3
http://support.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnotes-LTM-10-2-3.html
[3] Release Note: BIG-IP LTM and TMOS version 11.1.0
http://support.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnote-ltm-11-1-0.html
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================