SOL17447 - Linux kernel UDF vulnerabilities CVE-2014-9728, CVE-2014-9729, and CVE-2014-9730

2015-10-1600:00:00

support.f5.com

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

8.6%

JSON

Recommended Action

If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in theVersions known to be not vulnerable column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.

F5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.

Mitigating the vulnerability

To mitigate this vulnerability for affected F5 products, you should only permit management access to F5 products over a secure network and limit shell access to trusted users. For more information about securing access to BIG-IP/Enterprise Manager systems, refer to SOL13309: Restricting access to the Configuration utility by source IP address (11.x - 12.x) and SOL13092: Overview of securing access to the BIG-IP system.

Determining vulnerability exposure on your system

By default, the vulnerable UDF kernel module is not loaded and not used by the affected F5 products. However, you can determine if your system is exposed to this vulnerability by verifying whether the UDF kernel module is loaded. To do so, perform the following procedure:

Impact of procedure: Performing the following procedure should not have a negative impact on your system.

Log in to the command line.
Verify if the UDF kernel module is loaded by typing the following command:

lsmod | grep -i udf

If the command returns no output, the UDF kernel module is not loaded on the system and the system is not exposed to this vulnerability. The UDF kernel module is loaded on the system and the system is exposed to this vulnerability if the command output appears similar to the following example:

udf 66451 0
crc_itu_t 1669 1 udf

Supplemental Information

SOL9970: Subscribing to email notifications regarding F5 products
SOL9957: Creating a custom RSS feed to view new and updated documents
SOL4602: Overview of the F5 security vulnerability response policy
SOL4918: Overview of the F5 critical issue hotfix policy

CPENameOperatorVersion
big-iq securityle4.5.0
big-ip apmle12.0.0
big-ip afmle12.0.0
big-ip ltmle12.0.0
big-ip link controllerle12.0.0
big-ip webacceleratorle11.3.0
big-ip aamle12.0.0
big-ip edge gateway
le11.3.0
big-ip womle11.3.0
big-ip psmle11.4.1

Name	Operator	Version
big-iq security	le	4.5.0
big-ip apm	le	12.0.0
big-ip afm	le	12.0.0
big-ip ltm	le	12.0.0
big-ip link controller	le	12.0.0
big-ip webaccelerator	le	11.3.0
big-ip aam	le	12.0.0
big-ip edge gateway	le	11.3.0
big-ip wom	le	11.3.0
big-ip psm	le	11.4.1