SOL10417 - BIG-IP ASM and PSM remote buffer overflow exploit

2009-08-19T00:00:00
ID SOL10417
Type f5
Reporter f5
Modified 2016-07-25T00:00:00

Description

F5 Product Development tracked this issue as CR126690 and it was fixed in BIG-IP ASM and PSM 9.4.8 and 10.1.0. For information about upgrading, refer to the BIG-IP ASM or PSM release notes.

Important: This issue was re-introduced in 9.4.8 HF-1, and then fixed in 9.4.8 HF-2 and later as CR133530.

Additionally, this issue has been fixed in the following hotfixes:

  • Hotfix-BIGIP-9.4.6-425.0-HF3 issued for BIG-IP 9.4.6
  • Hotfix-BIGIP-9.4.7-330.0-HF2 issued for BIG-IP 9.4.7
  • Hotfix-BIGIP-9.4.8-385.0-HF2 issued for BIG-IP 9.4.8
  • Hotfix-BIGIP-10.0.0-5519.0-HF3 issued for BIG-IP 10.0.0
  • Hotfix-BIGIP-10.0.1-354.0-HF2 issued for BIG-IP 10.0.1

You may download these hotfixes or later versions of the cumulative hotfixes from the F5 Downloads site.

To view a list of the latest available hotfixes, refer to SOL9502: BIG-IP hotfix matrix.

For information about managing hotfixes on BIG-IP 9.x systems, refer to SOL6845: Managing F5 product hotfixes for version 9.x systems.

For information about installing version 10.x hotfixes on systems with a logical volume management (LVM) disk-formatting scheme, refer to SOL10025: Managing F5 product hotfixes for BIG-IP version 10.x systems.

For information about installing version 10.x hotfixes on systems with a partitioned disk-formatting scheme, refer to SOL9819: Installing a BIG-IP version 10.x hotfix on a partitioned system.

For information about the F5 hotfix policy, refer to SOL4918: Overview of F5 critical issue hotfix policy.