F5F5:K15680K15680 : Linux kernel vulnerabilities CVE-2014-3917, CVE-2014-0205 and CVE-2014-4667
6.9 Medium
AI Score
Confidence
High
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.071 Low
EPSS
Percentile
93.4%
Security Advisory Description
Description
kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number.
The futex_wait function in kernel/futex.c in the Linux kernel before 2.6.37 does not properly maintain a certain reference count during requeue operations, which allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that triggers a zero count.
Note: To be a local user, you must authenticate and gain some shell access to attack the BIG-IP system with this. To have that capability, an admin, root, or customized user role is necessary to gain shell access. There is no known impact to the Traffic Management Microkernel (TMM) other than an attacker crashing the system by issuing the commandrm -rf /boot/*; reboot. The risk of exploitation is LOW given the conditions required.
The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.
Note: SCTP is not impacted on the data plane. This only impacts the control plane (non-TMM related tasks) and only if the SCTP kernel module is loaded. The SCTP kernel is not loaded by default. An attacker cannot control loading of the SCTP kernel module.
Impact
These vulnerabilities may cause disruption of service, unauthorized disclosure of information, and unauthorized modification.
Status
F5 Product Development has assigned ID 479429 (BIG-IP), ID 480424 (BIG-IQ), ID 480425 (Enterprise Manager) and ID 461496 (ARX) to this vulnerability.
To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:
| Product | Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature |
|---|---|---|---|
| BIG-IP LTM | 11.0.0 - 11.6.0 | ||
| 10.0.0 - 10.2.4 | 12.0.0 | Linux kernel | |
| BIG-IP AAM | 11.4.0 - 11.6.0 | 12.0.0 | Linux kernel |
| BIG-IP AFM | 11.3.0 - 11.6.0 | 12.0.0 | Linux kernel |
| BIG-IP Analytics | 11.0.0 - 11.6.0 | 12.0.0 | Linux kernel |
| BIG-IP APM | 11.0.0 - 11.6.0 | ||
| 10.1.0 - 10.2.4 | 12.0.0 | Linux kernel | |
| BIG-IP ASM | 11.0.0 - 11.6.0 | ||
| 10.0.0 - 10.2.4 | 12.0.0 | Linux kernel | |
| BIG-IP DNS | None | 12.0.0 | None |
| BIG-IP Edge Gateway | 11.0.0 - 11.3.0 | ||
| 10.1.0 - 10.2.4 | None | Linux kernel | |
| BIG-IP GTM | 11.0.0 - 11.6.0 | ||
| 10.0.0 - 10.2.4 | None | Linux kernel | |
| BIG-IP Link Controller | 11.0.0 - 11.6.0 | ||
| 10.0.0 - 10.2.4 | 12.0.0 | Linux kernel | |
| BIG-IP PEM | 11.3.0 - 11.6.0 | 12.0.0 | Linux kernel |
| BIG-IP PSM | 11.0.0 - 11.4.1 | ||
| 10.0.0 - 10.2.4 | None | Linux kernel | |
| BIG-IP WebAccelerator | 11.0.0 - 11.3.0 | ||
| 10.0.0 - 10.2.4 | None | Linux kernel | |
| BIG-IP WOM | 11.0.0 - 11.3.0 | ||
| 10.0.0 - 10.2.4 | None | Linux kernel | |
| ARX | 6.0.0 - 6.4.0 | None | Linux kernel |
| Enterprise Manager | 3.0.0 - 3.1.1 | ||
| 2.1.0 - 2.3.0 | None | Linux kernel | |
| FirePass | None | 7.0.0 | |
| 6.0.0 - 6.1.0 | None | ||
| BIG-IQ Cloud | 4.0.0 - 4.4.0 | None | Linux kernel |
| BIG-IQ Device | 4.2.0 - 4.4.0 | None | Linux kernel |
| BIG-IQ Security | 4.0.0 - 4.4.0 | None | Linux kernel |
| LineRate | None | 2.4.0 - 2.4.1 | |
| 2.2.0 - 2.2.5 | |||
| 1.6.0 - 1.6.4 | None |
Recommended Action
If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.
F5 is responding to this vulnerability as determined by the parameters defined in K4602: Overview of the F5 security vulnerability response policy.
Supplemental Information
| CPE | Name | Operator | Version |
|---|---|---|---|
| big-ip afm | eq | 11.3.0 | |
| big-ip afm | eq | 11.4.0 | |
| big-ip afm | eq | 11.4.1 | |
| big-ip afm | eq | 11.5.0 | |
| big-ip afm | eq | 11.5.1 | |
| big-ip afm | eq | 11.5.2 | |
| big-ip afm | eq | 11.5.3 | |
| big-ip afm | eq | 11.6.0 | |
| big-ip afm | eq | 12.0.0 | |
| big-ip analytics | eq | 11.0.0 |
Related
6.9 Medium
AI Score
Confidence
High
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.071 Low
EPSS
Percentile
93.4%