ID SOL17407 Type f5 Reporter f5 Modified 2016-07-25T00:00:00
Description
Vulnerability Recommended Actions
If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.
F5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.
To mitigate this issue, you should permit management access to F5 products only over a secure network, and limit shell access to trusted users. For more information, refer to SOL13309: Restricting access to the Configuration utility by source IP address (11.x - 12.x) and SOL13092: Overview of securing access to the BIG-IP system.
Acknowledgements
F5 would like to acknowledge François Goichon of Context Information Security for bringing this issue to our attention, and for following the highest standards of responsible disclosure.
Supplemental Information
SOL9970: Subscribing to email notifications regarding F5 products
SOL9957: Creating a custom RSS feed to view new and updated documents
SOL4918: Overview of the F5 critical issue hotfix policy
SOL167: Downloading software and firmware from F5
SOL10942: Installing OPSWAT hotfixes on BIG-IP APM systems
{"title": "SOL17407 - Datastor kernel vulnerability CVE-2015-7394", "reporter": "f5", "published": "2015-10-27T00:00:00", "cvelist": ["CVE-2015-7394"], "hash": "fdfab44e71a3e98cea23309b8ec29792bcbaa40fd779b737dec1719e75e3e08c", "objectVersion": "1.2", "type": "f5", "href": "http://support.f5.com/kb/en-us/solutions/public/17000/400/sol17407.html", "bulletinFamily": "software", "id": "SOL17407", "history": [], "enchantments": {"score": {"vector": "NONE", "value": 5.0}, "vulnersScore": 5.0}, "modified": "2016-07-25T00:00:00", "affectedSoftware": [{"operator": "le", "name": "BIG-IP Link Controller", "version": "11.5.3"}, {"operator": "le", "name": "BIG-IP Edge Gateway", "version": "11.3.0"}, {"operator": "le", "name": "BIG-IQ Device", "version": "4.5.0"}, {"operator": "le", "name": "Enterprise Manager", "version": "3.1.1"}, {"operator": "le", "name": "BIG-IP Analytics", "version": "11.6.0"}, {"operator": "le", "name": "BIG-IP ASM", "version": "11.5.3"}, {"operator": "le", "name": "BIG-IP PEM", "version": "11.5.3"}, {"operator": "le", "name": "BIG-IP APM", "version": "11.5.3"}, {"operator": "le", "name": "BIG-IP WebAccelerator", "version": "11.3.0"}, {"operator": "le", "name": "BIG-IP LTM", "version": "11.5.3"}, {"operator": "le", "name": "BIG-IP PSM", "version": "11.4.1"}, {"operator": "le", "name": "BIG-IQ Cloud and Orchestration", "version": "1.0.0"}, {"operator": "le", "name": "BIG-IP LTM", "version": "11.6.0"}, {"operator": "le", "name": "BIG-IP AAM", "version": "11.6.0"}, {"operator": "le", "name": "BIG-IQ Centralized Management", "version": "4.6.0"}, {"operator": "le", "name": "BIG-IP AFM", "version": "11.6.0"}, {"operator": "le", "name": "BIG-IQ Cloud", "version": "4.5.0"}, {"operator": "le", "name": "BIG-IP Analytics", "version": "11.5.3"}, {"operator": "le", "name": "BIG-IQ Security", "version": "4.5.0"}, {"operator": "le", "name": "BIG-IQ ADC", "version": "4.5.0"}, {"operator": "le", "name": "BIG-IP WOM", "version": "11.3.0"}, {"operator": "le", "name": "BIG-IP AAM", "version": "11.5.3"}, {"operator": "le", "name": "BIG-IP GTM", "version": "11.5.3"}, {"operator": "le", "name": "BIG-IP AFM", "version": "11.5.3"}], "viewCount": 3, "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/", "score": 9.0}, "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the** Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity **values published in the previous table. The **Severity **values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this issue, you should permit management access to F5 products only over a secure network, and limit shell access to trusted users. For more information, refer to SOL13309: Restricting access to the Configuration utility by source IP address (11.x - 12.x) and SOL13092: Overview of securing access to the BIG-IP system.\n\nAcknowledgements\n\nF5 would like to acknowledge Fran\u00c3\u00a7ois Goichon of Context Information Security for bringing this issue to our attention, and for following the highest standards of responsible disclosure.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL10942: Installing OPSWAT hotfixes on BIG-IP APM systems\n", "references": ["https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html", "https://support.f5.com/kb/en-us/solutions/public/10000/900/sol10942.html", "https://support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "hashmap": [{"hash": "032d42cd04b3e682087f3260707c797b", "key": "affectedSoftware"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "dc3a250c4976de5e87f34e7553bceb96", "key": "cvelist"}, {"hash": "4ea840ff73b6affb0ff1787d26923e0e", "key": "cvss"}, {"hash": "3a3ec08009afa21daf9ef7dddd6abeee", "key": "description"}, {"hash": "e6556060b61cc3bd0f2fce698cad5c86", "key": "href"}, {"hash": "952539204e3dcdf9fb320e71fa687278", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "c9ea97d5b6d88e78c242d826ca3f0443", "key": "published"}, {"hash": "32a6795862dd89bc88097f2f7657449f", "key": "references"}, {"hash": "74ce2e1a498f2fa27b5542040be774dc", "key": "reporter"}, {"hash": "1b41c7020ff05a1a81d79f3264481dc7", "key": "title"}, {"hash": "74ce2e1a498f2fa27b5542040be774dc", "key": "type"}], "lastseen": "2016-12-03T05:27:56"}
{"cve": [{"lastseen": "2016-09-03T23:15:31", "references": ["http://www.securitytracker.com/id/1034025", "http://www.securitytracker.com/id/1034026", "https://support.f5.com/kb/en-us/solutions/public/17000/400/sol17407.html"], "edition": 1, "description": "The datastor kernel module in F5 BIG-IP Analytics, APM, ASM, Link Controller, and LTM 11.1.0 before 12.0.0, BIG-IP AAM 11.4.0 before 12.0.0, BIG-IP AFM, PEM 11.3.0 before 12.0.0, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.1.0 through 11.3.0, BIG-IP GTM 11.1.0 through 11.6.0, BIG-IP PSM 11.1.0 through 11.4.1, BIG-IQ Cloud and Security 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, BIG-IQ ADC 4.5.0, and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to cause a denial of service or gain privileges by leveraging permission to upload and execute code.", "reporter": "NVD", "published": "2015-11-06T13:59:03", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "CVE-2015-7394", "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-7394"], "scanner": [], "modified": "2015-11-09T15:24:22", "cpe": ["cpe:/a:f5:big-ip_application_acceleration_manager:11.5.1", "cpe:/a:f5:big-iq_device:4.2.0", "cpe:/a:f5:big-iq_cloud:4.1.0", "cpe:/a:f5:big-ip_analytics:11.5.2", "cpe:/a:f5:big-ip_application_security_manager:11.4.1", "cpe:/a:f5:big-ip_local_traffic_manager:11.4.0", "cpe:/a:f5:big-iq_security:4.4.0", "cpe:/a:f5:big-ip_access_policy_manager:11.2.0", "cpe:/a:f5:big-ip_link_controller:11.5.2", "cpe:/a:f5:big-iq_adc:4.5.0", "cpe:/a:f5:big-ip_global_traffic_manager:11.6.0", "cpe:/h:f5:big-ip_protocol_security_manager:11.4.0", "cpe:/a:f5:big-ip_application_acceleration_manager:11.5.2", "cpe:/a:f5:big-ip_global_traffic_manager:11.5.0", "cpe:/a:f5:big-iq_cloud:4.0.0", "cpe:/a:f5:big-ip_access_policy_manager:11.4.1", "cpe:/a:f5:big-ip_application_security_manager:11.2.1", "cpe:/a:f5:big-ip_webaccelerator:11.3.0", "cpe:/a:f5:big-ip_analytics:11.1.0", "cpe:/a:f5:big-ip_access_policy_manager:11.5.1", "cpe:/a:f5:big-ip_advanced_firewall_manager:11.4.1", "cpe:/a:f5:big-ip_wan_optimization_manager:11.3.0", "cpe:/a:f5:big-ip_analytics:11.4.0", "cpe:/a:f5:big-ip_link_controller:11.1.0", "cpe:/a:f5:big-ip_global_traffic_manager:11.5.2", "cpe:/a:f5:big-iq_security:4.1.0", "cpe:/a:f5:big-ip_webaccelerator:11.2.1", "cpe:/a:f5:big-iq_cloud:4.5.0", "cpe:/a:f5:big-ip_access_policy_manager:11.6.0", "cpe:/a:f5:big-ip_global_traffic_manager:11.2.1", "cpe:/h:f5:big-ip_protocol_security_manager:11.2.1", "cpe:/a:f5:big-ip_analytics:11.3.0", "cpe:/a:f5:big-ip_advanced_firewall_manager:11.5.2", "cpe:/a:f5:big-ip_policy_enforcement_manager:11.3.0", "cpe:/a:f5:big-ip_application_security_manager:11.2.0", "cpe:/a:f5:big-ip_analytics:11.2.1", "cpe:/a:f5:big-ip_wan_optimization_manager:11.1.0", "cpe:/a:f5:big-ip_application_security_manager:11.4.0", "cpe:/a:f5:big-ip_enterprise_manager:3.0.0", "cpe:/a:f5:big-ip_link_controller:11.4.0", "cpe:/a:f5:big-ip_access_policy_manager:11.2.1", "cpe:/h:f5:big-ip_protocol_security_manager:11.3.0", "cpe:/h:f5:big-ip_protocol_security_manager:11.1.0", "cpe:/a:f5:big-ip_access_policy_manager:11.5.2", "cpe:/a:f5:big-ip_local_traffic_manager:11.2.0", "cpe:/a:f5:big-ip_access_policy_manager:11.4.0", "cpe:/a:f5:big-ip_local_traffic_manager:11.3.0", "cpe:/a:f5:big-ip_edge_gateway:11.1.0", "cpe:/a:f5:big-iq_device:4.3.0", "cpe:/a:f5:big-ip_analytics:11.5.1", "cpe:/a:f5:big-ip_advanced_firewall_manager:11.5.0", "cpe:/a:f5:big-ip_link_controller:11.6.0", "cpe:/a:f5:big-ip_application_acceleration_manager:11.5.0", "cpe:/a:f5:big-ip_application_security_manager:11.5.2", "cpe:/a:f5:big-ip_advanced_firewall_manager:11.6.0", "cpe:/a:f5:big-ip_application_acceleration_manager:11.6.0", "cpe:/a:f5:big-ip_edge_gateway:11.3.0", "cpe:/a:f5:big-ip_link_controller:11.2.1", "cpe:/a:f5:big-ip_local_traffic_manager:11.1.0", "cpe:/a:f5:big-iq_cloud:4.2.0", "cpe:/a:f5:big-iq_cloud:4.3.0", "cpe:/a:f5:big-ip_policy_enforcement_manager:11.4.0", "cpe:/a:f5:big-ip_local_traffic_manager:11.2.1", "cpe:/a:f5:big-ip_local_traffic_manager:11.5.0", "cpe:/h:f5:big-ip_protocol_security_manager:11.2.0", "cpe:/a:f5:big-ip_advanced_firewall_manager:11.3.0", "cpe:/a:f5:big-ip_wan_optimization_manager:11.2.0", "cpe:/a:f5:big-ip_access_policy_manager:11.5.0", "cpe:/a:f5:big-iq_security:4.0.0", "cpe:/a:f5:big-ip_edge_gateway:11.2.1", "cpe:/a:f5:big-ip_link_controller:11.5.0", "cpe:/a:f5:big-ip_local_traffic_manager:11.5.2", "cpe:/a:f5:big-ip_access_policy_manager:11.5.3", "cpe:/a:f5:big-ip_application_acceleration_manager:11.4.1", "cpe:/a:f5:big-ip_application_security_manager:11.5.1", "cpe:/a:f5:big-iq_device:4.4.0", "cpe:/a:f5:big-ip_application_acceleration_manager:11.5.3", "cpe:/a:f5:big-ip_webaccelerator:11.1.0", "cpe:/a:f5:big-ip_global_traffic_manager:11.2.0", "cpe:/a:f5:big-ip_link_controller:11.5.3", "cpe:/a:f5:big-ip_wan_optimization_manager:11.2.1", "cpe:/a:f5:big-iq_security:4.5.0", "cpe:/a:f5:big-ip_enterprise_manager:3.1.0", "cpe:/a:f5:big-iq_security:4.3.0", "cpe:/a:f5:big-ip_local_traffic_manager:11.5.3", "cpe:/a:f5:big-ip_application_security_manager:11.6.0", "cpe:/a:f5:big-ip_policy_enforcement_manager:11.5.1", "cpe:/a:f5:big-ip_link_controller:11.5.1", "cpe:/a:f5:big-ip_analytics:11.6.0", "cpe:/a:f5:big-ip_local_traffic_manager:11.4.1", "cpe:/a:f5:big-ip_global_traffic_manager:11.3.0", "cpe:/a:f5:big-ip_policy_enforcement_manager:11.5.2", "cpe:/a:f5:big-ip_analytics:11.5.3", "cpe:/a:f5:big-ip_edge_gateway:11.2.0", "cpe:/a:f5:big-ip_global_traffic_manager:11.5.3", "cpe:/a:f5:big-ip_link_controller:11.3.0", "cpe:/a:f5:big-ip_webaccelerator:11.2.0", "cpe:/a:f5:big-ip_application_security_manager:11.3.0", "cpe:/a:f5:big-ip_global_traffic_manager:11.4.0", "cpe:/a:f5:big-ip_analytics:11.5.0", "cpe:/a:f5:big-ip_advanced_firewall_manager:11.5.3", "cpe:/a:f5:big-iq_cloud:4.4.0", "cpe:/a:f5:big-ip_application_security_manager:11.1.0", "cpe:/a:f5:big-ip_policy_enforcement_manager:11.5.3", "cpe:/a:f5:big-ip_application_acceleration_manager:11.4.0", "cpe:/a:f5:big-ip_policy_enforcement_manager:11.4.1", "cpe:/a:f5:big-ip_global_traffic_manager:11.1.0", "cpe:/a:f5:big-ip_access_policy_manager:11.3.0", "cpe:/a:f5:big-ip_global_traffic_manager:11.4.1", "cpe:/a:f5:big-ip_access_policy_manager:11.1.0", "cpe:/a:f5:big-ip_enterprise_manager:3.1.1", "cpe:/a:f5:big-ip_analytics:11.2.0", "cpe:/a:f5:big-ip_policy_enforcement_manager:11.5.0", "cpe:/a:f5:big-ip_advanced_firewall_manager:11.5.1", "cpe:/a:f5:big-iq_device:4.5.0", "cpe:/a:f5:big-iq_security:4.2.0", "cpe:/a:f5:big-ip_link_controller:11.4.1", "cpe:/a:f5:big-ip_advanced_firewall_manager:11.4.0", "cpe:/a:f5:big-ip_policy_enforcement_manager:11.6.0", "cpe:/a:f5:big-ip_local_traffic_manager:11.5.1", "cpe:/a:f5:big-ip_global_traffic_manager:11.5.1", "cpe:/a:f5:big-ip_analytics:11.4.1", "cpe:/a:f5:big-ip_application_security_manager:11.5.3", "cpe:/h:f5:big-ip_protocol_security_manager:11.4.1", "cpe:/a:f5:big-ip_link_controller:11.2.0", "cpe:/a:f5:big-ip_application_security_manager:11.5.0"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7394", "id": "CVE-2015-7394", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "f5": [{"lastseen": "2017-06-08T00:16:33", "references": [], "edition": 1, "description": "\nF5 Product Development has assigned ID 545762 (BIG-IP), ID 550230 (BIG-IQ), and ID 550231 (Enterprise Manager) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H17407 on the **Diagnostics** > **Identified** > **High** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 11.6.0 \n11.1.0 - 11.5.3| 12.0.0 \n11.6.1 \n11.5.4 \n11.4.1 HF10 \n11.0.0 \n10.1.0 - 10.2.4| High| Datastor kernel module \nBIG-IP AAM| 11.6.0 \n11.4.0 - 11.5.3| 12.0.0 \n11.6.1 \n11.5.4 \n11.4.1 HF10| High| Datastor kernel module \nBIG-IP AFM| 11.6.0 \n11.3.0 - 11.5.3| 12.0.0 \n11.6.1 \n11.5.4 \n11.4.1 HF10| High| Datastor kernel module \nBIG-IP Analytics| 11.6.0 \n11.1.0 - 11.5.3| 12.0.0 \n11.6.1 \n11.5.4 \n11.4.1 HF10 \n11.0.0| High| Datastor kernel module \nBIG-IP APM| 11.6.0 \n11.1.0 - 11.5.3| 12.0.0 \n11.6.1 \n11.5.4 \n11.4.1 HF10 \n11.0.0 \n10.1.0 - 10.2.4| High| Datastor kernel module \nBIG-IP ASM| 11.6.0 \n11.1.0 - 11.5.3| 12.0.0 \n11.6.1 \n11.5.4 \n11.4.1 HF10 \n11.0.0 \n10.1.0 - 10.2.4| High| Datastor kernel module \nBIG-IP DNS| None| 12.0.0| Not vulnerable| None \nBIG-IP Edge Gateway| 11.1.0 - 11.3.0| 11.0.0 \n10.1.0 - 10.2.4| High| Datastor kernel module \nBIG-IP GTM| 11.6.0 \n11.1.0 - 11.5.3| 11.6.1 \n \n \n \n \n11.5.4 \n11.4.1 HF10 \n11.0.0 \n10.1.0 - 10.2.4| High| Datastor kernel module \nBIG-IP Link Controller| 11.6.0 \n11.1.0 - 11.5.3| 12.0.0 \n11.6.1 \n11.5.4 \n11.4.1 HF10 \n11.0.0 \n10.1.0 - 10.2.4| High| Datastor kernel module \nBIG-IP PEM| 11.6.0 \n11.3.0 - 11.5.3| 12.0.0 \n11.6.1 \n11.5.4 \n11.4.1 HF10| High| Datastor kernel module \nBIG-IP PSM| 11.1.0 - 11.4.1| 11.4.1 HF10 \n11.0.0 \n10.1.0 - 10.2.4| High| Datastor kernel module \nBIG-IP WebAccelerator| 11.1.0 - 11.3.0| 11.0.0 \n10.1.0 - 10.2.4| High| Datastor kernel module \nBIG-IP WOM| 11.1.0 - 11.3.0| 11.0.0 \n10.1.0 - 10.2.4| High| Datastor kernel module \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.0.0 - 3.1.1| None| High| Datastor kernel module \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| High| Datastor kernel module \nBIG-IQ Device| 4.2.0 - 4.5.0| None| High| Datastor kernel module \nBIG-IQ Security| 4.0.0 - 4.5.0| None| High| Datastor kernel module \nBIG-IQ ADC| 4.5.0| None| High| Datastor kernel module \nBIG-IQ Centralized Management| 4.6.0| 5.0.0| High| Datastor kernel module \nBIG-IQ Cloud and Orchestration| 1.0.0| None| High| Datastor kernel module \nF5 iWorkflow| None| 2.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the** Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity **values published in the previous table. The **Severity **values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nTo mitigate this issue, you should permit management access to F5 products only over a secure network, and limit shell access to trusted users. For more information, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x - 12.x)](<https://support.f5.com/csp/article/K13309>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n\nF5 would like to acknowledge Fran\u00e7ois Goichon of Context Information Security for bringing this issue to our attention, and for following the highest standards of responsible disclosure.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K10942: Installing OPSWAT hotfixes on BIG-IP APM systems](<https://support.f5.com/csp/article/K10942>)\n", "reporter": "f5", "published": "2015-10-27T21:29:00", "title": "Datastor kernel vulnerability CVE-2015-7394", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2015-7394"], "modified": "2017-04-06T19:49:00", "href": "https://support.f5.com/csp/article/K17407", "id": "F5:K17407", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-10-26T14:42:22", "references": ["https://support.f5.com/kb/en-us/solutions/public/17000/400/sol17407.html"], "pluginID": "1361412562310105426", "description": "The remote host is missing a security patch.", "edition": 6, "reporter": "This script is Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-10-28T00:00:00", "title": "F5 BIG-IP - SOL17407 - Datastor kernel vulnerability CVE-2015-7394", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "F5 Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7394"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310105426", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105426", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_f5_big_ip_sol17407.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# F5 BIG-IP - SOL17407 - Datastor kernel vulnerability CVE-2015-7394\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/h:f5:big-ip\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105426\");\n script_cve_id(\"CVE-2015-7394\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_version(\"$Revision: 12106 $\");\n\n script_name(\"F5 BIG-IP - SOL17407 - Datastor kernel vulnerability CVE-2015-7394\");\n\n script_xref(name:\"URL\", value:\"https://support.f5.com/kb/en-us/solutions/public/17000/400/sol17407.html\");\n\n script_tag(name:\"impact\", value:\"An authenticated attacker who can upload and execute customized code on the BIG-IP system may be able to cause a denial-of-service (DoS) attack and/or gain administrative access to the system.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The datastor kernel module flaw in BIG-IP 11.1.0 through 11.6.0 can lead to a denial of service and/or elevation of privileges. (CVE-2015-7394)\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n script_tag(name:\"summary\", value:\"The remote host is missing a security patch.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-28 11:06:18 +0100 (Wed, 28 Oct 2015)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"F5 Local Security Checks\");\n script_copyright(\"This script is Copyright (C) 2015 Greenbone Networks GmbH\");\n script_dependencies(\"gb_f5_big_ip_version.nasl\");\n script_require_ports(\"Services/ssh\", 22);\n script_mandatory_keys(\"f5/big_ip/version\", \"f5/big_ip/active_modules\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"f5.inc\");\n\nif( ! version = get_app_version( cpe:CPE ) ) exit( 0 );\n\ncheck_f5['LTM'] = make_array( 'affected', '11.6.0;11.1.0-11.5.3;',\n 'unaffected', '12.0.0;11.6.1;11.5.4;11.4.1_HF10;11.0.0;10.1.0-10.2.4;');\n\ncheck_f5['AAM'] = make_array( 'affected', '11.6.0;11.4.0-11.5.3;',\n 'unaffected', '12.0.0;11.6.1;11.5.4;11.4.1_HF10;');\n\ncheck_f5['AFM'] = make_array( 'affected', '11.6.0;11.3.0-11.5.3;',\n 'unaffected', '12.0.0;11.6.1;11.5.4;11.4.1_HF10;');\n\ncheck_f5['AVR'] = make_array( 'affected', '11.6.0;11.1.0-11.5.3;',\n 'unaffected', '12.0.0;11.6.1;11.5.4;11.4.1_HF10;11.0.0;');\n\ncheck_f5['APM'] = make_array( 'affected', '11.6.0;11.1.0-11.5.3;',\n 'unaffected', '12.0.0;11.6.1;11.5.4;11.4.1_HF10;11.0.0;10.1.0-10.2.4;');\n\ncheck_f5['ASM'] = make_array( 'affected', '11.6.0;11.1.0-11.5.3;',\n 'unaffected', '12.0.0;11.6.1;11.5.4;11.4.1_HF10;11.0.0;10.1.0-10.2.4;');\n\ncheck_f5['GTM'] = make_array( 'affected', '11.6.0;11.1.0-11.5.3;',\n 'unaffected', '11.6.1;11.5.4;11.4.1_HF10;11.0.0;10.1.0-10.2.4;');\n\ncheck_f5['LC'] = make_array( 'affected', '11.6.0;11.1.0-11.5.3;',\n 'unaffected', '12.0.0;11.6.1;11.5.4;11.4.1_HF10;11.0.0;10.1.0-10.2.4;');\n\ncheck_f5['PEM'] = make_array( 'affected', '11.6.0;11.3.0-11.5.3;',\n 'unaffected', '12.0.0;11.6.1;11.5.4;11.4.1_HF10;');\n\ncheck_f5['PSM'] = make_array( 'affected', '11.1.0-11.4.1;',\n 'unaffected', '11.4.1_HF10;11.0.0;10.1.0-10.2.4;');\n\ncheck_f5['WAM'] = make_array( 'affected', '11.1.0-11.3.0;',\n 'unaffected', '11.0.0;10.1.0-10.2.4;');\n\ncheck_f5['WOM'] = make_array( 'affected', '11.1.0-11.3.0;',\n 'unaffected', '11.0.0;10.1.0-10.2.4;');\n\nif( report = is_f5_vulnerable( ca:check_f5, version:version ) )\n{\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-09-01T23:54:13", "references": ["https://support.f5.com/csp/#/article/K17407"], "pluginID": "86619", "description": "The datastor kernel module in F5 BIG-IP Analytics, APM, ASM, Link Controller, and LTM 11.1.0 before 12.0.0, BIG-IP AAM 11.4.0 before 12.0.0, BIG-IP AFM, PEM 11.3.0 before 12.0.0, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.1.0 through 11.3.0, BIG-IP GTM 11.1.0 through 11.6.0, BIG-IP PSM 11.1.0 through 11.4.1, BIG-IQ Cloud and Security 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, BIG-IQ ADC 4.5.0, and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to cause a denial of service or gain privileges by leveraging permission to upload and execute code.\n(CVE-2015-7394)", "edition": 7, "reporter": "Tenable", "published": "2015-10-28T00:00:00", "title": "F5 Networks BIG-IP : Datastor kernel vulnerability (K17407)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "F5 Networks Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7394"], "modified": "2018-07-10T00:00:00", "cpe": ["cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/h:f5:big-ip_protocol_security_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/a:f5:big-ip_access_policy_manager"], "id": "F5_BIGIP_SOL17407.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86619", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K17407.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86619);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2018/07/10 14:27:32\");\n\n script_cve_id(\"CVE-2015-7394\");\n\n script_name(english:\"F5 Networks BIG-IP : Datastor kernel vulnerability (K17407)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The datastor kernel module in F5 BIG-IP Analytics, APM, ASM, Link\nController, and LTM 11.1.0 before 12.0.0, BIG-IP AAM 11.4.0 before\n12.0.0, BIG-IP AFM, PEM 11.3.0 before 12.0.0, BIG-IP Edge Gateway,\nWebAccelerator, and WOM 11.1.0 through 11.3.0, BIG-IP GTM 11.1.0\nthrough 11.6.0, BIG-IP PSM 11.1.0 through 11.4.1, BIG-IQ Cloud and\nSecurity 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0,\nBIG-IQ ADC 4.5.0, and Enterprise Manager 3.0.0 through 3.1.1 allows\nremote authenticated users to cause a denial of service or gain\nprivileges by leveraging permission to upload and execute code.\n(CVE-2015-7394)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/#/article/K17407\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K17407.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K17407\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"11.6.0\",\"11.3.0-11.5.3\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\",\"11.5.4\",\"11.4.1HF10\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"11.6.0\",\"11.4.0-11.5.3\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\",\"11.5.4\",\"11.4.1HF10\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"11.6.0\",\"11.1.0-11.5.3\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\",\"11.5.4\",\"11.4.1HF10\",\"11.0.0\",\"10.1.0-10.2.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"11.6.0\",\"11.1.0-11.5.3\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\",\"11.5.4\",\"11.4.1HF10\",\"11.0.0\",\"10.1.0-10.2.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.6.0\",\"11.1.0-11.5.3\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\",\"11.5.4\",\"11.4.1HF10\",\"11.0.0\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.6.0\",\"11.1.0-11.5.3\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.6.1\",\"11.5.4\",\"11.4.1HF10\",\"11.0.0\",\"10.1.0-10.2.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"11.6.0\",\"11.1.0-11.5.3\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\",\"11.5.4\",\"11.4.1HF10\",\"11.0.0\",\"10.1.0-10.2.4\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"11.6.0\",\"11.1.0-11.5.3\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\",\"11.5.4\",\"11.4.1HF10\",\"11.0.0\",\"10.1.0-10.2.4\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"11.6.0\",\"11.3.0-11.5.3\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.1\",\"11.5.4\",\"11.4.1HF10\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"11.1.0-11.4.1\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"11.4.1HF10\",\"11.0.0\",\"10.1.0-10.2.4\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"11.1.0-11.3.0\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"11.0.0\",\"10.1.0-10.2.4\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"11.1.0-11.3.0\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"11.0.0\",\"10.1.0-10.2.4\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
