F5 rsync daemon ConfigSync interface cmi module vulnerability

Added: 09/02/2014
CVE: CVE-2014-2927
BID: 69461
OSVDB: 110595

Background

F5 BIG-IP is a suite of security, availability and acceleration products.

Problem

When configured to support failover, multiple BIG-IP products are vulnerable to an unauthenticated rsync access vulnerability that can be leveraged to upload a malicious SSH key and execute arbitrary code with root privileges.

Resolution

Upgrade to a non-vulnerable version, as reported in F5 Security Advisory SOL15235.

References

<http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15236.html&gt;
<http://www.security-assessment.com/files/documents/advisory/F5_Unauthenticated_rsync_access_to_Remote_Root_Code_Execution.pdf&gt;

Limitations

The target must be configured in the high availability/failover mode.

The OpenSSH and rsync clients must be installed on the SAINTexploit host.

Platforms

Linux