Linux kernel SCTP vulnerabilities CVE-2014-3673 and CVE-2014-3687

2014-12-15T20:43:00
ID F5:K15910
Type f5
Reporter f5
Modified 2018-06-10T01:58:00

Description

F5 Product Development has assigned ID 501305 (BIG-IP), IDs 496023 and 496024 (Enterprise Manager), IDs 496027 and 496028 (BIG-IQ), and ID 495057 (F5 WebSafe) to this vulnerability. Additionally, BIG-IP iHealth may list Heuristic H496043 on the Diagnostics > Identified > High screen.

To determine whether your release is known to be vulnerable, which components or features are affected by the vulnerability, and which releases or hotfixes address the vulnerability, refer to the following table:

Product| Versions known to be vulnerable| Versions known to be not vulnerable| Vulnerable component or feature
---|---|---|---
BIG-IP LTM| 11.1.0 - 11.6.0| 12.0.0, 11.0.0, 10.0.0 - 10.2.4| Linux kernel (management interface)
BIG-IP AAM| 11.4.0 - 11.6.0| 12.0.0| Linux kernel (management interface)
BIG-IP AFM| 11.3.0 - 11.6.0| 12.0.0| Linux kernel (management interface)
BIG-IP Analytics| 11.1.0 - 11.6.0| 12.0.0, 11.0.0| Linux kernel (management interface)
BIG-IP APM| 11.1.0 - 11.6.0| 12.0.0, 11.0.0, 10.1.0 - 10.2.4| Linux kernel (management interface)
BIG-IP ASM| 11.1.0 - 11.6.0| 12.0.0, 11.0.0, 10.0.0 - 10.2.4| Linux kernel (management interface)
BIG-IP DNS| None| 12.0.0| None
BIG-IP Edge Gateway| 11.1.0 - 11.3.0| 11.0.0, 10.1.0 - 10.2.4| Linux kernel (management interface)
BIG-IP GTM| 11.1.0 - 11.6.0| 11.0.0, 10.0.0 - 10.2.4| Linux kernel (management interface)
BIG-IP Link Controller| 11.1.0 - 11.6.0| 11.0.0, 10.0.0 - 10.2.4| Linux kernel (management interface)
BIG-IP PEM| 11.3.0 - 11.6.0| 12.0.0| Linux kernel (management interface)
BIG-IP PSM| 11.1.0 - 11.4.1| 11.0.0, 10.0.0 - 10.2.4| Linux kernel (management interface)
BIG-IP WebAccelerator| 11.1.0 - 11.3.0| 11.0.0, 10.0.0 - 10.2.4| Linux kernel (management interface)
BIG-IP WOM| 11.1.0 - 11.3.0| 11.0.0, 10.0.0 - 10.2.4| Linux kernel (management interface)
ARX| None| 6.0.0 - 6.4.0| None
Enterprise Manager| 3.1.0 - 3.1.1| 3.0.0, 2.1.0 - 2.3.0| Linux kernel (management interface)
FirePass| None| 7.0.0, 6.0.0 - 6.1.0| None
BIG-IQ Cloud| 4.0.0 - 4.5.0| None| Linux kernel (management interface)
BIG-IQ Device| 4.2.0 - 4.5.0| None| Linux kernel (management interface)
BIG-IQ Security| 4.0.0 - 4.5.0| None| Linux kernel (management interface)
BIG-IQ ADC| 4.5.0| None| Linux kernel (management interface)
BIG-IQ Centralized Management| 4.6.0| 5.0.0| Linux kernel (management interface)
BIG-IQ Cloud and Orchestration| 1.0.0| None| Linux kernel (management interface)
F5 iWorkflow| None| 2.0.0| None
LineRate| None| 2.4.0 - 2.50, 1.6.0 - 1.6.4| None
F5 WebSafe| None| 1.0.0| None

If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.

F5 recommends that you limit network access to the management interface to a secure, management-only network.

For information about the management interface, refer to K7312: Overview of the management port.