K13605 : FirePass sudo vulnerability - CVE-2012-2053

Security Advisory Description

Description

F5 has identified a possible sudo vulnerability for FirePass. FirePass does not require a password to execute sudo commands with elevated permissions. FirePass is designed to function as a closed-box appliance with no user-level access to the underlying operating system. A successful attack would require an attacker to gain access to the operating system prior to executing any command with elevated privileges.

Impact

An attacker may be able to exploit the vulnerability and execute system level commands if access is first gained to the underlying operating system.

Status

F5 Product Development has assigned ID 383963 to this vulnerability. To find out whether F5 has determined that your release is vulnerable, and to obtain information about releases or hotfixes that resolve the vulnerability, refer to the following table:

Recommended action

F5 recommends that you upgrade to the latest FirePass hotfix to ensure that you have the latest security updates.

Supplemental Information

• CERT advisory regarding CVE-2012-2053
• K167: Downloading software and firmware from F5
• K10322: FirePass hotfix matrix
• K3430: Installing FirePass hotfixes
• K9970: Subscribing to email notifications regarding F5 products
• K9957: Creating a custom RSS feed to view new and updated documents.
• K4602: Overview of the F5 security vulnerability response policy
• K4918: Overview of the F5 critical issue hotfix policy
• K8388: Command line, Telnet, and SSH access to FirePass controllers

Acknowledgments

F5 would like to acknowledge SEC Consult for their efforts in identifying this issue.