ESB-2017.2349 - [Appliance] F5 Products: Denial of service - Existing account 2017-09-15


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.2349
              K11220361: LibTIFF vulnerability CVE-2015-1547
                             15 September 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           F5 Products
Publisher:         F5 Networks
Operating System:  Network Appliance
Impact/Access:     Denial of Service -- Existing Account
Resolution:        Mitigation
CVE Names:         CVE-2015-1547  

Reference:         ESB-2016.1873

Original Bulletin: 
   https://support.f5.com/csp/article/K11220361

- --------------------------BEGIN INCLUDED TEXT--------------------

K11220361: LibTIFF vulnerability CVE-2015-1547

Security Advisory

Original Publication Date: Sep 14, 2017

Security Advisory Description

The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to 
cause a denial of service (uninitialized memory access) via a crafted TIFF 
image, as demonstrated by libtiff5.tif. (CVE-2015-1547)

Impact

This vulnerability allows a remote attacker to cause a denial of service (DoS).
BIG-IP systems that use a BIG-IP AAM or BIG-IP WebAccelerator policy 
configured with the Image Optimization settings enabled for TIFF files are 
vulnerable to this issue.

Security Advisory Status

F5 Product Development has assigned ID 642659 (BIG-IP) to this vulnerability.

To determine if your release is known to be vulnerable, the components or 
features that are affected by the vulnerability, and for information about 
releases or hotfixes that address the vulnerability, refer to the following 
table:

Product                         Versions known          Versions known          Severity        Vulnerable component or feature
                                to be vulnerable        to be not vulnerable

BIG-IP LTM                      None                    13.0.0                  Not vulnerable  None
                                                        12.0.0 - 12.1.2
                                                        11.4.1 - 11.6.1
                                                        11.2.1
BIG-IP AAM                      13.0.0                  None                    Medium          AAM or WebAccelerator policy configured 
                                12.0.0 - 12.1.2                                                 with image optimization enabled for TIFF files.
                                11.4.1 - 11.6.1
BIG-IP AFM                      None                    13.0.0                  Not vulnerable  None
                                                        12.0.0 - 12.1.2
                                                        11.4.1 - 11.6.1
BIG-IP Analytics                None                    13.0.0                  Not vulnerable  None
                                                        12.0.0 - 12.1.2
                                                        11.4.1 - 11.6.1
                                                        11.2.1
BIG-IP APM                      None                    13.0.0                  Not vulnerable  None
                                                        12.0.0 - 12.1.2
                                                        11.4.1 - 11.6.1
                                                        11.2.1
BIG-IP ASM                      None                    13.0.0                  Not vulnerable  None
                                                        12.0.0 - 12.1.2
                                                        11.4.1 - 11.6.1
                                                        11.2.1
BIG-IP DNS                      None                    13.0.0                  Not vulnerable  None
                                                        12.0.0 - 12.1.2
BIG-IP Edge Gateway             None                    11.2.1                  Not vulnerable  None
BIG-IP GTM                      None                    11.4.1 - 11.6.1         Not vulnerable  None
                                                        11.2.1
BIG-IP Link Controller          None                    13.0.0                  Not vulnerable  None
                                                        12.0.0 - 12.1.2
                                                        11.4.1 - 11.6.1
                                                        11.2.1
BIG-IP PEM                      None                    13.0.0                  Not vulnerable  None
                                                        12.0.0 - 12.1.2
                                                        11.4.1 - 11.6.1
BIG-IP PSM                      None                    11.4.1                  Not vulnerable  None
BIG-IP WebAccelerator           11.2.1                  None                    Medium          AAM or WebAccelerator policy configured 
                                                                                                with image optimization enabled for TIFF files.
BIG-IP WebSafe                  None                    13.0.0                  Not vulnerable  None
                                                        12.0.0 - 12.1.2
                                                        11.6.0 - 11.6.1
ARX                             None                    6.2.0 - 6.4.0           Not vulnerable  None
Enterprise Manager              None                    3.1.1                   Not vulnerable  None
BIG-IQ Cloud                    None                    4.4.0 - 4.5.0           Not vulnerable  None
BIG-IQ Device                   None                    4.4.0 - 4.5.0           Not vulnerable  None
BIG-IQ Security                 None                    4.4.0 - 4.5.0           Not vulnerable  None
BIG-IQ ADC                      None                    4.5.0                   Not vulnerable  None
BIG-IQ Centralized Management   None                    5.0.0 - 5.3.0           Not vulnerable  None
                                                        4.6.0
BIG-IQ Cloud and Orchestration  None                    1.0.0                   Not vulnerable  None
F5 iWorkflow                    None                    2.0.0 - 2.3.0           Not vulnerable  None
LineRate                        None                    2.5.0 - 2.6.2           Not vulnerable  None
Traffix SDC                     None                    5.0.0 - 5.1.0           Not vulnerable  None
                                                        4.0.0 - 4.4.0

Security Advisory Recommended Actions

If you are running a version listed in the Versions known to be vulnerable 
column, you can eliminate this vulnerability by upgrading to a version listed
in the Versions known to be not vulnerable column. If the table lists only an
older version than what you are currently running, or does not list a 
non-vulnerable version, then no upgrade candidate currently exists.
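The decision rule in the paragraph above, as an added example that is not part of the F5 or AusCERT bulletin: the BIG-IP AAM, WebAccelerator and LTM rows of the advisory table are transcribed into a small Python checker that classifies a running version and, following the rule, reports an upgrade candidate only when the not-vulnerable column lists a newer version. The "(hypothetical product)" row is constructed to exercise the upgrade-path branch, since no row on this page has both columns populated.

```python
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]
Range = Tuple[Version, Version]

def parse_version(s: str) -> Version:
    """'12.1.2' -> (12, 1, 2); tuples compare numerically, unlike strings."""
    return tuple(int(p) for p in s.strip().split("."))

def parse_ranges(cell: str) -> List[Range]:
    """Turn a cell such as '13.0.0, 12.0.0 - 12.1.2' into (low, high) pairs.
    The advisory's 'None' cell yields an empty list."""
    if cell.strip() == "None":
        return []
    ranges = []
    for item in cell.split(","):
        lo, _, hi = item.partition("-")
        lo_v = parse_version(lo)
        ranges.append((lo_v, parse_version(hi) if hi else lo_v))
    return ranges

def in_ranges(v: Version, ranges: List[Range]) -> bool:
    return any(lo <= v <= hi for lo, hi in ranges)

# Rows transcribed from the advisory table for K11220361 / CVE-2015-1547:
# (versions known to be vulnerable, versions known to be not vulnerable).
# The last row is constructed (hypothetical) to show the upgrade-path branch.
TABLE: Dict[str, Tuple[str, str]] = {
    "BIG-IP AAM":             ("13.0.0, 12.0.0 - 12.1.2, 11.4.1 - 11.6.1", "None"),
    "BIG-IP WebAccelerator":  ("11.2.1", "None"),
    "BIG-IP LTM":             ("None", "13.0.0, 12.0.0 - 12.1.2, 11.4.1 - 11.6.1, 11.2.1"),
    "(hypothetical product)": ("11.0.0 - 11.5.0", "11.6.0"),
}

def assess(product: str, running: str) -> Tuple[str, Optional[str]]:
    """Apply the Recommended Actions rule: a vulnerable version gets the lowest
    not-vulnerable version newer than it as upgrade candidate; if the table lists
    no such version, no upgrade candidate exists and mitigation is the only option."""
    vuln_cell, fixed_cell = TABLE[product]
    v = parse_version(running)
    vuln, fixed = parse_ranges(vuln_cell), parse_ranges(fixed_cell)
    if in_ranges(v, fixed):
        return "not vulnerable", None
    if not in_ranges(v, vuln):
        return "not listed", None  # neither column covers it: confirm with the vendor
    newer = sorted(lo for lo, _ in fixed if lo > v)  # lower bound of each newer fixed range
    candidate = ".".join(map(str, newer[0])) if newer else None
    return "vulnerable", candidate

if __name__ == "__main__":
    for prod, ver in [("BIG-IP AAM", "12.1.0"), ("BIG-IP LTM", "12.1.2")]:
        print(prod, ver, assess(prod, ver))
```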

Mitigation

To mitigate the risk posed by this vulnerability, you can disable image 
optimization for TIFF files in the BIG-IP AAM or BIG-IP WebAccelerator 
policy, or ensure that attackers cannot modify the TIFF files processed by 
the BIG-IP AAM and WebAccelerator systems.

Impact of action: The impact of the suggested mitigation depends on the 
specific environment. F5 recommends that you test any such changes during a 
maintenance window and consider the possible impact on your specific 
environment.

For more information about disabling image optimization, refer to:

BIG-IP AAM: The Accelerating Images with Image Optimization chapter of the 
BIG-IP Acceleration Implementations guide

BIG-IP WebAccelerator: The Accelerating Images with Image Optimization chapter
of the BIG-IP WebAccelerator System Implementations guide

Note: For information about how to locate F5 product guides, refer to 
K12453464: Finding product documentation on AskF5.

Supplemental Information

K9970: Subscribing to email notifications regarding F5 products

K9957: Creating a custom RSS feed to view new and updated documents

K4602: Overview of the F5 security vulnerability response policy

K4918: Overview of the F5 critical issue hotfix policy

K167: Downloading software and firmware from F5

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================