SOL6623 - OpenSSL signature vulnerability - CVE-2006-4339

This security advisory describes an OpenSSL signature vulnerability. Forged RSA signatures may be accepted during client certificate validations when the certificates are signed by certain Certificate Authority (CA). This flaw could potentially cause F5 products to accept maliciously crafted client certificates as valid. Customers using client certificate authentication are vulnerable.

Information about this advisory is available at the following locations:

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339&gt;

<http://www.frsirt.com/english/advisories/2006/3453&gt;

<http://www.openssl.org/news/secadv_20060905.txt&gt;

F5 Product Development tracked this issue as CR69440 and it was fixed in BIG-IP LTM version 9.1.3. For information about upgrading, refer to the BIG-IP LTM release notes.

F5 Product Development tracked this issue as CR69463 and it was fixed in BIG-IP LTM, GTM, ASM and Link Controller version 9.2.4. For information about upgrading, refer to the LTM, GTM, ASM, or Link Controller release notes.

F5 Product Development tracked this issue as CR69441 and it was fixed in BIG-IP LTM, GTM, ASM and Link Controller version 9.4.0. For information about upgrading, refer to the LTM, GTM, ASM, or Link Controller release notes.

F5 Product Development tracked this issue as CR69489 and it was fixed in FirePass versions 5.5.2 and 6.0.1. For information about upgrading, refer to the FirePass release notes.

F5 Product Development tracked this issue as CR69465 and it was fixed in Enterprise Manager version 1.2.1. For information about upgrading, refer to the Enterprise Manager release notes.

Obtaining and installing patches

F5 Product Development has determined this to be a remotely exploitable vulnerability for BIG-IP LTM, BIG-IP GTM, BIG-IP Link Controller, 3-DNS, FirePass, and Enterprise Manager. F5 has made version-specific patches available that address the CRs for the BIG-IP LTM, BIG-IP GTM, BIG-IP Link Controller, 3-DNS, FirePass, and Enterprise Manager products. You can download these patches from the F5 Downloads page for the following products and versions:

3-DNS | 4.5.12
4.5.13
4.5.14
4.6.4 | hotfix-vu845620 | openssl-so_nx-1.0-6-BSD_OS-4.1.im
FirePass | 5.4.2
5.5.0
5.5.1
6.0.0 | hotfix-cr69489 | HF-55325-56696-65044-67295-69489-69510-1-5.42-ALL-0.tar.gz.enc
HF-56696-65044-67295-69489-69510-1-5.5-ALL-0.tar.gz.enc
HF-65044-67295-69489-69510-1-5.51-ALL-0.tar.gz.enc
HF-600-4-6.0-ALL-0.tar.gz.enc

Enterprise Manager | 1.2.0 | hotfix-cr69465 | Hotfix-EM-1.2.0-CR69465.im

Note: For more information about installing the hotfixes listed above, refer to thereadme file on the F5 Downloads site for your version-specific hotfix.

**Important:**The openssl-so_nx-1.0-6-BSD_OS-4.1.im patch supercedes the openssl-so_nx-1.0-7-BSD_OS-4.1.im patch. If the openssl-so_nx-1.0-7-BSD_OS-4.1.im patch has already been installed, you will need to use the -force option when installing the openssl-so_nx-1.0-6-BSD_OS-4.1.im patch.

For information about how to download software, refer to SOL167: Downloading software from F5.