Lucene search
This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.F5_BIGIP_SOL24324390.NASLHistoryDec 18, 2018 - 12:00 a.m.
F5 Networks BIG-IP : OpenSSH vulnerability (K24324390)
2018-12-1800:00:00
This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
27
authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process. (CVE-2016-10011)
Impact
A locally authenticated attacker may be able to exploit this vulnerability and obtain sensitive key information.
Note : No such leak has been observed in practice for normal-sized keys, nor does a leak to the child processes directly expose key material to unprivileged users.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from F5 Networks BIG-IP Solution K24324390.
#
# The text description of this plugin is (C) F5 Networks.
#
include("compat.inc");
if (description)
{
script_id(119733);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/27");
script_cve_id("CVE-2016-10011");
script_name(english:"F5 Networks BIG-IP : OpenSSH vulnerability (K24324390)");
script_summary(english:"Checks the BIG-IP version.");
script_set_attribute(
attribute:"synopsis",
value:"The remote device is missing a vendor-supplied security patch."
);
script_set_attribute(
attribute:"description",
value:
"authfile.c in sshd in OpenSSH before 7.4 does not properly consider
the effects of realloc on buffer contents, which might allow local
users to obtain sensitive private-key information by leveraging access
to a privilege-separated child process. (CVE-2016-10011)
Impact
A locally authenticated attacker may be able to exploit this
vulnerability and obtain sensitive key information.
Note : No such leak has been observed in practice for normal-sized
keys, nor does a leak to the child processes directly expose key
material to unprivileged users."
);
script_set_attribute(
attribute:"see_also",
value:"https://support.f5.com/csp/article/K24324390"
);
script_set_attribute(
attribute:"solution",
value:
"Upgrade to one of the non-vulnerable versions listed in the F5
Solution K24324390."
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator");
script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip_protocol_security_manager");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/05");
script_set_attribute(attribute:"patch_publication_date", value:"2017/01/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/18");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"F5 Networks Local Security Checks");
script_dependencies("f5_bigip_detect.nbin");
script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version");
exit(0);
}
include("f5_func.inc");
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
version = get_kb_item("Host/BIG-IP/version");
if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");
sol = "K24324390";
vmatrix = make_array();
# AFM
vmatrix["AFM"] = make_array();
vmatrix["AFM"]["affected" ] = make_list("13.0.0-13.1.0","12.0.0-12.1.3","11.4.0-11.6.3");
vmatrix["AFM"]["unaffected"] = make_list("14.1.0");
# AM
vmatrix["AM"] = make_array();
vmatrix["AM"]["affected" ] = make_list("14.0.0","13.0.0-13.1.0","12.0.0-12.1.3","11.4.0-11.6.3");
vmatrix["AM"]["unaffected"] = make_list("14.1.0");
# APM
vmatrix["APM"] = make_array();
vmatrix["APM"]["affected" ] = make_list("14.0.0","13.0.0-13.1.0","12.0.0-12.1.3","11.4.0-11.6.3","11.2.1");
vmatrix["APM"]["unaffected"] = make_list("14.1.0");
# ASM
vmatrix["ASM"] = make_array();
vmatrix["ASM"]["affected" ] = make_list("14.0.0","13.0.0-13.1.0","12.0.0-12.1.3","11.4.0-11.6.3","11.2.1");
vmatrix["ASM"]["unaffected"] = make_list("14.1.0");
# AVR
vmatrix["AVR"] = make_array();
vmatrix["AVR"]["affected" ] = make_list("14.0.0","13.0.0-13.1.0","12.0.0-12.1.3","11.4.0-11.6.3","11.2.1");
vmatrix["AVR"]["unaffected"] = make_list("14.1.0");
# LC
vmatrix["LC"] = make_array();
vmatrix["LC"]["affected" ] = make_list("14.0.0","13.0.0-13.1.0","12.0.0-12.1.3","11.4.0-11.6.3","11.2.1");
vmatrix["LC"]["unaffected"] = make_list("14.1.0");
# LTM
vmatrix["LTM"] = make_array();
vmatrix["LTM"]["affected" ] = make_list("14.0.0","13.0.0-13.1.0","12.0.0-12.1.3","11.4.0-11.6.3","11.2.1");
vmatrix["LTM"]["unaffected"] = make_list("14.1.0");
# PEM
vmatrix["PEM"] = make_array();
vmatrix["PEM"]["affected" ] = make_list("14.0.0","13.0.0-13.1.0","12.0.0-12.1.3","11.4.0-11.6.3");
vmatrix["PEM"]["unaffected"] = make_list("14.1.0");
if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
{
if (report_verbosity > 0) security_note(port:0, extra:bigip_report_get());
else security_note(0);
exit(0);
}
else
{
tested = bigip_get_tested_modules();
audit_extra = "For BIG-IP module(s) " + tested + ",";
if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
else audit(AUDIT_HOST_NOT, "running any of the affected modules");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| f5 | big-ip_access_policy_manager | cpe:/a:f5:big-ip_access_policy_manager | |
| f5 | big-ip_advanced_firewall_manager | cpe:/a:f5:big-ip_advanced_firewall_manager | |
| f5 | big-ip_application_acceleration_manager | cpe:/a:f5:big-ip_application_acceleration_manager | |
| f5 | big-ip_application_security_manager | cpe:/a:f5:big-ip_application_security_manager | |
| f5 | big-ip_application_visibility_and_reporting | cpe:/a:f5:big-ip_application_visibility_and_reporting | |
| f5 | big-ip_global_traffic_manager | cpe:/a:f5:big-ip_global_traffic_manager | |
| f5 | big-ip_link_controller | cpe:/a:f5:big-ip_link_controller | |
| f5 | big-ip_local_traffic_manager | cpe:/a:f5:big-ip_local_traffic_manager | |
| f5 | big-ip_policy_enforcement_manager | cpe:/a:f5:big-ip_policy_enforcement_manager | |
| f5 | big-ip_webaccelerator | cpe:/a:f5:big-ip_webaccelerator |
Related
ubuntucve
ubuntucve
CVE-2016-10011
2017-01-04 00:00:00
prion
prion
Design/Logic Flaw
2017-01-05 02:59:00
osv
osv
CVE-2016-10011
2017-01-05 02:59:03
openssh - security update
2018-09-10 00:00:00
redhatcve
redhatcve
CVE-2016-10011
2016-12-20 08:47:24
cve
cve
CVE-2016-10011
2017-01-05 02:59:00
f5
f5
K24324390 : OpenSSH vulnerability CVE-2016-10011
2017-01-27 00:00:00
alpinelinux
alpinelinux
CVE-2016-10011
2017-01-05 02:59:00
debiancve
debiancve
CVE-2016-10011
2017-01-05 02:59:00
seebug
seebug
OpenSSH information leak Vulnerability, CVE-2016-10011)
2016-12-21 00:00:00
nessus
nessus
EulerOS 2.0 SP2 : openssh (EulerOS-SA-2017-1054)
2017-05-01 00:00:00
EulerOS 2.0 SP1 : openssh (EulerOS-SA-2017-1055)
2017-05-01 00:00:00
SUSE SLES11 Security Update : openssh (SUSE-SU-2017:0606-1)
2017-03-07 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2017-1054)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2017-1055)
2020-01-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:0607-2)
2021-04-19 00:00:00
fedora
fedora
[SECURITY] Fedora 25 Update: openssh-7.4p1-1.fc25
2017-01-06 20:25:39
slackware
slackware
[slackware-security] openssh
2016-12-24 01:35:34
ibm
ibm
archlinux
archlinux
[ASA-201612-20] openssh: multiple issues
2016-12-22 00:00:00
symantec
symantec
SA144 : OpenSSH Vulnerabilities January 2017
2017-03-02 08:00:00
aix
aix
Vulnerabilities in OpenSSH affect AIX.
2017-02-05 23:36:10
oraclelinux
oraclelinux
openssh security, bug fix, and enhancement update
2017-08-07 00:00:00
ubuntu
ubuntu
OpenSSH vulnerabilities
2018-01-22 00:00:00
amazon
amazon
Medium: openssh
2017-10-03 11:00:00
cloudfoundry
cloudfoundry
USN-3538-1: OpenSSH vulnerabilities | Cloud Foundry
2018-02-01 00:00:00
redhat
redhat
(RHSA-2017:2029) Moderate: openssh security, bug fix, and enhancement update
2017-08-01 05:57:17
centos
centos
openssh, pam_ssh_agent_auth security update
2017-08-24 01:40:16
debian
debian
[SECURITY] [DLA 1500-1] openssh security update
2018-09-10 08:44:17
rosalinux
rosalinux
Advisory ROSA-SA-2021-1938
2021-07-02 17:38:20
ics
ics
Siemens SCALANCE X-200RNA Switch Devices
2022-12-19 12:00:00
Related for F5_BIGIP_SOL24324390.NASL