SOL9025 - FirePass SNMP DoS vulnerability

This SNMP vulnerability can at most cause DoS of the FirePass SNMP service and cannot cause either unprivileged access to the FirePass controller or DoS of other FirePass services.

Information about this advisory is available at the following location:

<http://www.securityfocus.com/archive/1/493950/30/0/threaded&gt;

F5 Product Development tracked this issue as CR102185 and it was fixed in FirePass 6.0.3. For information about upgrading, refer to the FirePass release notes.

Obtaining and installing patches

You can download patches from the F5 Downloads site for the following products and versions:

Important: Although FirePass 5.5.0 and 5.5.1 are not affected by the SNMP vulnerability described in this security advisory, hotfix-100973 has been issued for FirePass 5.5.0 and 5.5.1 to resolve the vulnerability described in SOL8939: SNMPv3 HMAC verification vulnerability - CVE-2008-0960 - VU#878044.

Note: For more information about installing the hotfixes listed above, refer to the readme file on the F5 Downloads site for your version-specific hotfix.

For information about downloading software, refer to SOL167: Downloading software from F5 Networks.

Workaround

You can reduce the likelihood of this issue by ensuring that the Accessed from fields on the Device Management : Configuration : SNMP page contain only trusted hosts and networks. TheAccessed fromfields are located in theAccess Control section of the Device Management : Configuration : SNMP page.

If you do not use the FirePass SNMP agent, you can work around this issue by disabling the SNMP agent. To do so, perform the following procedure:

1. Log on to the FirePass Administrative Console.
2. Navigate to Device Management >Configuration>SNMP.
3. If you are running FirePass 6.x, clear the Start SNMP agent check box.

If you are running FirePass 5.x, clear the Run SNMP agent on portcheck box.
4. At the bottom of the page, click Submit.