ID SOL17407 Type f5 Reporter f5 Modified 2016-07-25T00:00:00
Description
Vulnerability Recommended Actions
If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.
F5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.
To mitigate this issue, you should permit management access to F5 products only over a secure network, and limit shell access to trusted users. For more information, refer to SOL13309: Restricting access to the Configuration utility by source IP address (11.x - 12.x) and SOL13092: Overview of securing access to the BIG-IP system.
Acknowledgements
F5 would like to acknowledge François Goichon of Context Information Security for bringing this issue to our attention, and for following the highest standards of responsible disclosure.
Supplemental Information
SOL9970: Subscribing to email notifications regarding F5 products
SOL9957: Creating a custom RSS feed to view new and updated documents
SOL4918: Overview of the F5 critical issue hotfix policy
SOL167: Downloading software and firmware from F5
SOL10942: Installing OPSWAT hotfixes on BIG-IP APM systems
{"title": "SOL17407 - Datastor kernel vulnerability CVE-2015-7394", "reporter": "f5", "published": "2015-10-27T00:00:00", "cvelist": ["CVE-2015-7394"], "hash": "fdfab44e71a3e98cea23309b8ec29792bcbaa40fd779b737dec1719e75e3e08c", "objectVersion": "1.2", "type": "f5", "href": "http://support.f5.com/kb/en-us/solutions/public/17000/400/sol17407.html", "bulletinFamily": "software", "id": "SOL17407", "history": [], "enchantments": {"vulnersScore": 5.0}, "modified": "2016-07-25T00:00:00", "affectedSoftware": [{"operator": "le", "name": "BIG-IP Link Controller", "version": "11.5.3"}, {"operator": "le", "name": "BIG-IP Edge Gateway", "version": "11.3.0"}, {"operator": "le", "name": "BIG-IQ Device", "version": "4.5.0"}, {"operator": "le", "name": "Enterprise Manager", "version": "3.1.1"}, {"operator": "le", "name": "BIG-IP Analytics", "version": "11.6.0"}, {"operator": "le", "name": "BIG-IP ASM", "version": "11.5.3"}, {"operator": "le", "name": "BIG-IP PEM", "version": "11.5.3"}, {"operator": "le", "name": "BIG-IP APM", "version": "11.5.3"}, {"operator": "le", "name": "BIG-IP WebAccelerator", "version": "11.3.0"}, {"operator": "le", "name": "BIG-IP LTM", "version": "11.5.3"}, {"operator": "le", "name": "BIG-IP PSM", "version": "11.4.1"}, {"operator": "le", "name": "BIG-IQ Cloud and Orchestration", "version": "1.0.0"}, {"operator": "le", "name": "BIG-IP LTM", "version": "11.6.0"}, {"operator": "le", "name": "BIG-IP AAM", "version": "11.6.0"}, {"operator": "le", "name": "BIG-IQ Centralized Management", "version": "4.6.0"}, {"operator": "le", "name": "BIG-IP AFM", "version": "11.6.0"}, {"operator": "le", "name": "BIG-IQ Cloud", "version": "4.5.0"}, {"operator": "le", "name": "BIG-IP Analytics", "version": "11.5.3"}, {"operator": "le", "name": "BIG-IQ Security", "version": "4.5.0"}, {"operator": "le", "name": "BIG-IQ ADC", "version": "4.5.0"}, {"operator": "le", "name": "BIG-IP WOM", "version": "11.3.0"}, {"operator": "le", "name": "BIG-IP AAM", "version": "11.5.3"}, {"operator": "le", "name": "BIG-IP GTM", "version": "11.5.3"}, {"operator": "le", "name": "BIG-IP AFM", "version": "11.5.3"}], "viewCount": 2, "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/", "score": 9.0}, "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the** Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity **values published in the previous table. The **Severity **values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this issue, you should permit management access to F5 products only over a secure network, and limit shell access to trusted users. For more information, refer to SOL13309: Restricting access to the Configuration utility by source IP address (11.x - 12.x) and SOL13092: Overview of securing access to the BIG-IP system.\n\nAcknowledgements\n\nF5 would like to acknowledge Fran\u00c3\u00a7ois Goichon of Context Information Security for bringing this issue to our attention, and for following the highest standards of responsible disclosure.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL10942: Installing OPSWAT hotfixes on BIG-IP APM systems\n", "references": ["https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html", "https://support.f5.com/kb/en-us/solutions/public/10000/900/sol10942.html", "https://support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "hashmap": [{"hash": "032d42cd04b3e682087f3260707c797b", "key": "affectedSoftware"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "dc3a250c4976de5e87f34e7553bceb96", "key": "cvelist"}, {"hash": "4ea840ff73b6affb0ff1787d26923e0e", "key": "cvss"}, {"hash": "3a3ec08009afa21daf9ef7dddd6abeee", "key": "description"}, {"hash": "e6556060b61cc3bd0f2fce698cad5c86", "key": "href"}, {"hash": "952539204e3dcdf9fb320e71fa687278", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "c9ea97d5b6d88e78c242d826ca3f0443", "key": "published"}, {"hash": "32a6795862dd89bc88097f2f7657449f", "key": "references"}, {"hash": "74ce2e1a498f2fa27b5542040be774dc", "key": "reporter"}, {"hash": "1b41c7020ff05a1a81d79f3264481dc7", "key": "title"}, {"hash": "74ce2e1a498f2fa27b5542040be774dc", "key": "type"}], "lastseen": "2016-12-03T05:27:56"}
{"result": {"cve": [{"id": "CVE-2015-7394", "type": "cve", "title": "CVE-2015-7394", "description": "The datastor kernel module in F5 BIG-IP Analytics, APM, ASM, Link Controller, and LTM 11.1.0 before 12.0.0, BIG-IP AAM 11.4.0 before 12.0.0, BIG-IP AFM, PEM 11.3.0 before 12.0.0, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.1.0 through 11.3.0, BIG-IP GTM 11.1.0 through 11.6.0, BIG-IP PSM 11.1.0 through 11.4.1, BIG-IQ Cloud and Security 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, BIG-IQ ADC 4.5.0, and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to cause a denial of service or gain privileges by leveraging permission to upload and execute code.", "published": "2015-11-06T13:59:03", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7394", "cvelist": ["CVE-2015-7394"], "lastseen": "2016-09-03T23:15:31"}], "f5": [{"id": "F5:K17407", "type": "f5", "title": "Datastor kernel vulnerability CVE-2015-7394", "description": "\nF5 Product Development has assigned ID 545762 (BIG-IP), ID 550230 (BIG-IQ), and ID 550231 (Enterprise Manager) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H17407 on the **Diagnostics** > **Identified** > **High** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 11.6.0 \n11.1.0 - 11.5.3| 12.0.0 \n11.6.1 \n11.5.4 \n11.4.1 HF10 \n11.0.0 \n10.1.0 - 10.2.4| High| Datastor kernel module \nBIG-IP AAM| 11.6.0 \n11.4.0 - 11.5.3| 12.0.0 \n11.6.1 \n11.5.4 \n11.4.1 HF10| High| Datastor kernel module \nBIG-IP AFM| 11.6.0 \n11.3.0 - 11.5.3| 12.0.0 \n11.6.1 \n11.5.4 \n11.4.1 HF10| High| Datastor kernel module \nBIG-IP Analytics| 11.6.0 \n11.1.0 - 11.5.3| 12.0.0 \n11.6.1 \n11.5.4 \n11.4.1 HF10 \n11.0.0| High| Datastor kernel module \nBIG-IP APM| 11.6.0 \n11.1.0 - 11.5.3| 12.0.0 \n11.6.1 \n11.5.4 \n11.4.1 HF10 \n11.0.0 \n10.1.0 - 10.2.4| High| Datastor kernel module \nBIG-IP ASM| 11.6.0 \n11.1.0 - 11.5.3| 12.0.0 \n11.6.1 \n11.5.4 \n11.4.1 HF10 \n11.0.0 \n10.1.0 - 10.2.4| High| Datastor kernel module \nBIG-IP DNS| None| 12.0.0| Not vulnerable| None \nBIG-IP Edge Gateway| 11.1.0 - 11.3.0| 11.0.0 \n10.1.0 - 10.2.4| High| Datastor kernel module \nBIG-IP GTM| 11.6.0 \n11.1.0 - 11.5.3| 11.6.1 \n \n \n \n \n11.5.4 \n11.4.1 HF10 \n11.0.0 \n10.1.0 - 10.2.4| High| Datastor kernel module \nBIG-IP Link Controller| 11.6.0 \n11.1.0 - 11.5.3| 12.0.0 \n11.6.1 \n11.5.4 \n11.4.1 HF10 \n11.0.0 \n10.1.0 - 10.2.4| High| Datastor kernel module \nBIG-IP PEM| 11.6.0 \n11.3.0 - 11.5.3| 12.0.0 \n11.6.1 \n11.5.4 \n11.4.1 HF10| High| Datastor kernel module \nBIG-IP PSM| 11.1.0 - 11.4.1| 11.4.1 HF10 \n11.0.0 \n10.1.0 - 10.2.4| High| Datastor kernel module \nBIG-IP WebAccelerator| 11.1.0 - 11.3.0| 11.0.0 \n10.1.0 - 10.2.4| High| Datastor kernel module \nBIG-IP WOM| 11.1.0 - 11.3.0| 11.0.0 \n10.1.0 - 10.2.4| High| Datastor kernel module \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.0.0 - 3.1.1| None| High| Datastor kernel module \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| High| Datastor kernel module \nBIG-IQ Device| 4.2.0 - 4.5.0| None| High| Datastor kernel module \nBIG-IQ Security| 4.0.0 - 4.5.0| None| High| Datastor kernel module \nBIG-IQ ADC| 4.5.0| None| High| Datastor kernel module \nBIG-IQ Centralized Management| 4.6.0| 5.0.0| High| Datastor kernel module \nBIG-IQ Cloud and Orchestration| 1.0.0| None| High| Datastor kernel module \nF5 iWorkflow| None| 2.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the** Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity **values published in the previous table. The **Severity **values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nTo mitigate this issue, you should permit management access to F5 products only over a secure network, and limit shell access to trusted users. For more information, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x - 12.x)](<https://support.f5.com/csp/article/K13309>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n\nF5 would like to acknowledge Fran\u00e7ois Goichon of Context Information Security for bringing this issue to our attention, and for following the highest standards of responsible disclosure.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K10942: Installing OPSWAT hotfixes on BIG-IP APM systems](<https://support.f5.com/csp/article/K10942>)\n", "published": "2015-10-27T21:29:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://support.f5.com/csp/article/K17407", "cvelist": ["CVE-2015-7394"], "lastseen": "2017-06-08T00:16:33"}], "openvas": [{"id": "OPENVAS:1361412562310105426", "type": "openvas", "title": "F5 BIG-IP - SOL17407 - Datastor kernel vulnerability CVE-2015-7394", "description": "The remote host is missing a security patch.", "published": "2015-10-28T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105426", "cvelist": ["CVE-2015-7394"], "lastseen": "2017-07-02T21:11:26"}], "nessus": [{"id": "F5_BIGIP_SOL17407.NASL", "type": "nessus", "title": "F5 Networks BIG-IP : Datastor kernel vulnerability (K17407)", "description": "The datastor kernel module in F5 BIG-IP Analytics, APM, ASM, Link Controller, and LTM 11.1.0 before 12.0.0, BIG-IP AAM 11.4.0 before 12.0.0, BIG-IP AFM, PEM 11.3.0 before 12.0.0, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.1.0 through 11.3.0, BIG-IP GTM 11.1.0 through 11.6.0, BIG-IP PSM 11.1.0 through 11.4.1, BIG-IQ Cloud and Security 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, BIG-IQ ADC 4.5.0, and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to cause a denial of service or gain privileges by leveraging permission to upload and execute code.\n(CVE-2015-7394)", "published": "2015-10-28T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=86619", "cvelist": ["CVE-2015-7394"], "lastseen": "2017-10-29T13:40:44"}]}}
