Lucene search

K
f5F5F5:K15366
HistoryJun 25, 2014 - 12:00 a.m.

K15366 : OpenSSL DTLS vulnerability CVE-2009-1377

2014-06-2500:00:00
my.f5.com
7

AI Score

7.3

Confidence

High

EPSS

0.058

Percentile

93.4%

Security Advisory Description

Description

The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of “future epoch” DTLS records that are buffered in a queue, aka “DTLS record buffer limitation bug.” (CVE-2009-1377)

Impact

None. No F5 products are vulnerable to this vulnerability.

Status

F5 Product Development has evaluated the currently supported releases for potential vulnerability.

To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:

Product Versions known to be vulnerable Versions known to be not vulnerable Vulnerable component or feature
BIG-IP LTM None
11.0.0 - 11.5.1
10.0.0 - 10.2.4
None
BIG-IP AAM None 11.4.0 - 11.5.1 None
BIG-IP AFM None 11.3.0 - 11.5.1 None
BIG-IP Analytics None 11.0.0 - 11.5.1 None
BIG-IP APM None 11.0.0 - 11.5.1
10.1.0 - 10.2.4 None
BIG-IP ASM None 11.0.0 - 11.5.1
10.0.0 - 10.2.4 None
BIG-IP Edge Gateway
None 11.0.0 - 11.3.0
10.1.0 - 10.2.4 None
BIG-IP GTM None 11.0.0 - 11.5.1
10.0.0 - 10.2.4 None
BIG-IP Link Controller None
11.0.0 - 11.5.1
10.0.0 - 10.2.4
None
BIG-IP PEM None
11.3.0 - 11.5.1
None
BIG-IP PSM None 11.0.0 - 11.4.1
10.0.0 - 10.2.4 None
BIG-IP WebAccelerator None 11.0.0 - 11.3.0
10.0.0 - 10.2.4 None
BIG-IP WOM None 11.0.0 - 11.3.0
10.0.0 - 10.2. None
ARX None 6.0.0 - 6.4.0 None
Enterprise Manager None 3.0.0 - 3.1.1
2.1.0 - 2.3.0 None
FirePass None 7.0.0
6.0.0 - 6.1.0 None
BIG-IQ Cloud None
4.0.0 - 4.3.0
None
BIG-IQ Device None
4.2.0 - 4.3.0
None
BIG-IQ Security None
4.0.0 - 4.3.0
None
LineRate None 2.4.0
2.3.0 - 2.3.1
2.2.0 - 2.2.4
1.6.0 - 1.6.3 None

Recommended Action

None

Supplemental Information