Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2018.0628.3 K51079478: Glibc vulnerability CVE-2015-877 14 December 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: F5 Products Publisher: F5 Networks Operating System: Network Appliance Impact/Access: Execute Arbitrary Code/Commands -- Existing Account Denial of Service -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2015-8778 Reference: ESB-2017.3226 ASB-2016.0017 ESB-2016.0887 ESB-2016.0394 Original Bulletin: https://support.f5.com/csp/article/K51079478 Revision History: December 14 2018: Updated product table April 5 2018: Updated "Security Advisory Status" section March 5 2018: Initial Release - --------------------------BEGIN INCLUDED TEXT-------------------- K51079478: glibc vulnerability CVE-2015-8778 Security Advisory Original Publication Date: Apr 08, 2016 Updated Date: Dec 14, 2018 Security Advisory Description Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access. (CVE-2015-8778) Impact There is a theoretical risk of an exploit by a user with local shell access. F5 has been unable to reproduce the vulnerability using proof of concept code. Security Advisory Status F5 Product Development has assigned ID 578983 (BIG-IP), CPF-19112 (Traffix SDC), and ID 476571 (ARX) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, BIG-IP iHealth may list Heuristic H51079478 on the Diagnostics > Identified > Low page. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. +---------------+----------------+-----------------+----------+----------------+ | |Versions known |Versions known to| |Vulnerable | |Product |to be vulnerable|be not vulnerable|Severity |component or | | | | | |feature | +---------------+----------------+-----------------+----------+----------------+ | | |14.1.0 | | | | |14.0.0 |13.1.0 | | | |BIG-IP LTM |13.0.0 |13.0.1 |Low |glibc | | |12.0.0 - 12.1.3 |12.1.3.2 | | | | | |11.0.0 - 11.6.2 | | | | | |10.1.0 - 10.2.4 | | | +---------------+----------------+-----------------+----------+----------------+ | | |14.1.0 | | | | |14.0.0 |13.1.0 | | | |BIG-IP AAM |13.0.0 |13.0.1 |Low |glibc | | |12.0.0 - 12.1.3 |12.1.3.2 | | | | | |11.4.0 - 11.6.2 | | | +---------------+----------------+-----------------+----------+----------------+ | | |14.1.0 | | | | |14.0.0 |13.1.0 | | | |BIG-IP AFM |13.0.0 |13.0.1 |Low |glibc | | |12.0.0 - 12.1.3 |12.1.3.2 | | | | | |11.3.0 - 11.6.2 | | | +---------------+----------------+-----------------+----------+----------------+ | | |14.1.0 | | | |BIG-IP |14.0.0 |13.1.0 | | | |Analytics |13.0.0 |13.0.1 |Low |glibc | | |12.0.0 - 12.1.3 |12.1.3.2 | | | | | |11.0.0 - 11.6.2 | | | +---------------+----------------+-----------------+----------+----------------+ | | |14.1.0 | | | | |14.0.0 |13.1.0 | | | |BIG-IP APM |13.0.0 |13.0.1 |Low |glibc | | |12.0.0 - 12.1.3 |12.1.3.2 | | | | | |11.0.0 - 11.6.2 | | | | | |10.1.0 - 10.2.4 | | | +---------------+----------------+-----------------+----------+----------------+ | | |14.1.0 | | | | |14.0.0 |13.1.0 | | | |BIG-IP ASM |13.0.0 |13.0.1 |Low |glibc | | |12.0.0 - 12.1.3 |12.1.3.2 | | | | | |11.0.0 - 11.6.2 | | | | | |10.1.0 - 10.2.4 | | | +---------------+----------------+-----------------+----------+----------------+ | |14.0.0 |14.1.0 | | | |BIG-IP DNS |13.0.0 |13.1.0 |Low |glibc | | |12.0.0 - 12.1.3 |13.0.1 | | | | | |12.1.3.2 | | | +---------------+----------------+-----------------+----------+----------------+ |BIG-IP Edge |None |11.0.0 - 11.3.0 |Not |None | |Gateway | |10.1.0 - 10.2.4 |vulnerable| | +---------------+----------------+-----------------+----------+----------------+ |BIG-IP GTM |None |11.0.0 - 11.6.2 |Not |None | | | |10.1.0 - 10.2.4 |vulnerable| | +---------------+----------------+-----------------+----------+----------------+ | | |14.1.0 | | | | |14.0.0 |13.1.0 | | | |BIG-IP Link |13.0.0 |13.0.1 |Low |glibc | |Controller |12.0.0 - 12.1.3 |12.1.3.2 | | | | | |11.0.0 - 11.6.2 | | | | | |10.1.0 - 10.2.4 | | | +---------------+----------------+-----------------+----------+----------------+ | | |14.1.0 | | | | |14.0.0 |13.1.0 | | | |BIG-IP PEM |13.0.0 |13.0.1 |Low |glibc | | |12.0.0 - 12.1.3 |12.1.3.2 | | | | | |11.3.0 - 11.6.2 | | | +---------------+----------------+-----------------+----------+----------------+ |BIG-IP PSM |None |11.0.0 - 11.4.1 |Not |None | | | |10.1.0 - 10.2.4 |vulnerable| | +---------------+----------------+-----------------+----------+----------------+ |BIG-IP |None |11.0.0 - 11.3.0 |Not |None | |WebAccelerator | |10.1.0 - 10.2.4 |vulnerable| | +---------------+----------------+-----------------+----------+----------------+ |BIG-IP WOM |None |11.0.0 - 11.3.0 |Not |None | | | |10.1.0 - 10.2.4 |vulnerable| | +---------------+----------------+-----------------+----------+----------------+ |ARX |6.0.0 - 6.4.0 |None |Low |glibc | +---------------+----------------+-----------------+----------+----------------+ |Enterprise |None |3.0.0 - 3.1.1 |Not |None | |Manager | | |vulnerable| | +---------------+----------------+-----------------+----------+----------------+ |FirePass |None |7.0.0 |Not |None | | | |6.0.0 - 6.1.0 |vulnerable| | +---------------+----------------+-----------------+----------+----------------+ |BIG-IQ Cloud |None |4.0.0 - 4.5.0 |Not |None | | | | |vulnerable| | +---------------+----------------+-----------------+----------+----------------+ |BIG-IQ Device |None |4.2.0 - 4.5.0 |Not |None | | | | |vulnerable| | +---------------+----------------+-----------------+----------+----------------+ |BIG-IQ Security|None |4.0.0 - 4.5.0 |Not |None | | | | |vulnerable| | +---------------+----------------+-----------------+----------+----------------+ |BIG-IQ ADC |None |4.5.0 |Not |None | | | | |vulnerable| | +---------------+----------------+-----------------+----------+----------------+ |BIG-IQ | | |Not | | |Centralized |None |None |vulnerable|None | |Management | | | | | +---------------+----------------+-----------------+----------+----------------+ |BIG-IQ Cloud | | |Not | | |and |None |1.0.0 |vulnerable|None | |Orchestration | | | | | +---------------+----------------+-----------------+----------+----------------+ |LineRate |None |2.5.0 - 2.6.1 |Not |None | | | | |vulnerable| | +---------------+----------------+-----------------+----------+----------------+ |F5 WebSafe |None |1.0.0 |Not |None | | | | |vulnerable| | +---------------+----------------+-----------------+----------+----------------+ |Traffix SDC |4.0.0 - 4.4.0 |None |Low |glibc | | |3.3.2 - 3.5.1 | | | | +---------------+----------------+-----------------+----------+----------------+ Security Advisory Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists. Mitigation None - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXBL3+maOgq3Tt24GAQgFXxAAoUUgUvxFumCia3XXc2y6fWU/W89F4uLb wFZZmWVOr7bV8/h/dqSV/BXvRuavy/o3xK9ibwZLUL5C2m9nd4QDLi69WXOeniRX An/nO0vWArYorM8QFyNnUu2mRdpy0pkafhuHTueDj/ATxP8DYSYwmkjo4auQq8lx tpaHirDY1TNfprD+bKwNryjkTL4Laie1tTC4SKBelLd0WrDYwP2bHG3RU1ay5i4K 3fOmMEI5GkJ21TjUZkDLaHmIgQeVBQgOmYcnSGLl9lDzQZDyZYTbc2VpE3bST0MG 7aaQAilHTOzBGScw3FsSu9/sK6bVCcb/MisxIt6jMZBDv8HgH6pXUeq50cyipwCt nfH1PJe6tB2nUfg1D93a7GTYoXCQn7fxhVSmvRCM/LJ5yZs/DP4WDA8S/Y61ekks XOIdzUfE3bz3emAPpTdlDc95LfBrlkBtvkRecXwFLcSCJO4+Ji/L1qW8h10gnrA6 7/n3W4+0dko4fPe/7z0bmztfxhMvkXKp2FtFp8XHoeFOv3z49M0BjTHllV16s6CO jA/Chzt6dHRYGtIVDEQKTf++/lu0sBIH17MObWGaxeuC1Kp77CCQxXEYe7pnMUH3 S+udWjtvijfUPVwpctDxGaQG/Pw+re6nB8sMNywfYVzhoSW/Cv1FOdfZCsbLMidb jlXJgQlwy50= =zwpQ -----END PGP SIGNATURE-----