
19 matches found

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-17309

Malware in sbrugna...

CVSS 4.4 | AI score 4.8 | EPSS 0.00124
Exploits 0 | References 5

Tenable Nessus
added 2023/11/03 12:0 a.m. | 38 views

F5 Networks BIG-IP : big3d agent vulnerability (K72708443)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.0.4 / 14.0.0. It is, therefore, affected by a vulnerability as referenced in the K72708443 advisory. - On BIG-IP DNS and GTM version 13.1.x before 13.1.0.4, and all versions of 12.1.x and 11.6.x, big3d does not secure...

CVSS 7.2 | AI score 7.8 | EPSS 0.00434
Exploits 0 | References 2

F5 Networks
added 2023/05/03 12:10 p.m. | 20 views

K000132972: BIG-IP iQuery mesh vulnerability CVE-2023-28742

Security Advisory Description When DNS is provisioned, an authenticated remote command execution vulnerability exists in DNS iQuery mesh. CVE-2023-28742 Impact This vulnerability may allow an authenticated attacker with network access to the DNS iQuery mesh through the BIG-IP management port and/...

CVSS 8.8 | AI score 8.9 | EPSS 0.03413
Exploits 0 | Affected Software 1

F5 Networks
added 2023/02/21 7:57 p.m. | 28 views

K82038789: big3d vulnerability CVE-2018-5540

Security Advisory Description The big3d process does not irrevocably minimize group privileges at startup. CVE-2018-5540 Impact There is not a known attack vector, but if the big3d process is compromised, it is possible for it to regain the group privileges it was launched with. Security Advisory...

CVSS 4.4 | AI score 4.8 | EPSS 0.00124
Exploits 0 | Affected Software 7

F5 Networks
added 2023/02/21 6:47 p.m. | 18 views

K72708443: big3d agent vulnerability CVE-2021-22982

Security Advisory Description big3d does not securely handle and parse certain payloads resulting in a buffer overflow. CVE-2021-22982 Impact An attacker may trigger a buffer overflow to cause the big3d agent to stop responding, which generates a core file. Security Advisory Status F5 Product...

CVSS 7.2 | AI score 7.5 | EPSS 0.00434
Exploits 0 | Affected Software 3

F5 Networks
added 2023/02/21 6:33 p.m. | 41 views

K71103363: BIG-IP big3d vulnerability CVE-2022-29480

Security Advisory Description When multiple route domains are configured, undisclosed requests to big3d can cause an increase in CPU resource utilization. CVE-2022-29480 Impact This vulnerability allows a remote, unauthenticated attacker to cause a degradation of service that can lead to a...

CVSS 5.3 | AI score 5.4 | EPSS 0.00868
Exploits 0 | Affected Software 13

F5 Networks
added 2023/02/21 6:33 p.m. | 34 views

K10196624: libcurl vulnerability CVE-2016-8618

Security Advisory Description The libcurl API function called curl_maprintf before version 7.51.0 can be tricked into doing a double-free due to an unsafe size_t multiplication, on systems using 32 bit size_t variables. CVE-2016-8618 Impact A custom monitor or script that calls the curl command may...

CVSS 9.8 | AI score 7.5 | EPSS 0.01811
Exploits 0 | Affected Software 16

OSV
added 2022/05/05 5:15 p.m. | 0 views

CVE-2022-29480

On F5 BIG-IP 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when multiple route domains are configured, undisclosed requests to big3d can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evalua...

CVSS 5.3 | AI score 5.8
Exploits 0 | References 1

Tenable Nessus
added 2022/05/05 12:0 a.m. | 22 views

F5 Networks BIG-IP : BIG-IP big3d vulnerability (K71103363)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.0.0. It is, therefore, affected by a vulnerability as referenced in the K71103363 advisory. - On F5 BIG-IP 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when multiple route domains are...

CVSS 5.3 | AI score 5.8 | EPSS 0.00868
Exploits 0 | References 2

ATTACKERKB
added 2022/05/04 2:0 p.m. | 0 views

CVE-2022-29480

On F5 BIG-IP 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when multiple route domains are configured, undisclosed requests to big3d can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evalua...

CVSS 5.3 | AI score 6.1 | EPSS 0.00868
Exploits 0 | References 2 | Affected Software 1

OSV
added 2021/02/12 6:15 p.m. | 1 views

CVE-2021-22982

On BIG-IP DNS and GTM version 13.1.x before 13.1.0.4, and all versions of 12.1.x and 11.6.x, big3d does not securely handle and parse certain payloads resulting in a buffer overflow. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated...

CVSS 7.2 | AI score 7.5
Exploits 0 | References 1

Tenable Nessus
added 2018/11/02 12:0 a.m. | 26 views

F5 Networks BIG-IP : big3d vulnerability (K82038789)

The big3d process does not irrevocably minimize group privileges at startup. CVE-2018-5540 Impact There is not a known attack vector, but if the big3d process is compromised, it is possible for it to regain the group privileges it was launched with. C Tenable Network Security, Inc. The descriptiv...

CVSS 4.4 | AI score 5.1 | EPSS 0.00124
Exploits 0 | References 2

Prion
added 2018/07/19 2:29 p.m. | 12 views

Code injection

On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges at start up...

CVSS 2.1 | AI score 4.9 | EPSS 0.00124
Exploits 0 | References 4 | Affected Software 6

OSV
added 2018/07/19 2:29 p.m. | 2 views

CVE-2018-5540

On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges at start up...

CVSS 4.4 | AI score 5.8 | EPSS 0.00124
Exploits 0 | References 4

Tenable Nessus
added 2017/12/26 12:0 a.m. | 32 views

F5 Networks BIG-IP : libcurl vulnerability (K10196624)

The libcurl API function called curl_maprintf before version 7.51.0 can be tricked into doing a double-free due to an unsafe size_t multiplication, on systems using 32 bit size_t variables. CVE-2016-8618 Impact A custom monitor or script that calls the curl command may allow unauthorized disclosure ...

CVSS 9.8 | AI score 7.1 | EPSS 0.01811
Exploits 0 | References 2

Tenable Nessus
added 2017/09/19 12:0 a.m. | 82 views

F5 Networks BIG-IP : Expat vulnerability (K52320548)

An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code with the permission of the user...

CVSS 9.8 | AI score 8.3 | EPSS 0.02827
Exploits 3 | References 2

F5 Networks
added 2016/03/09 12:0 a.m. | 86 views

SOL95463126 - OpenSSL vulnerabilities CVE-2016-0703 and CVE-2016-0704

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

CVSS 5.9 | AI score 1.4 | EPSS 0.90348
Exploits 3 | References 4

F5 Networks
added 2015/12/04 12:0 a.m. | 242 views

SOL86772626 - OpenSSL vulnerability CVE-2015-3194

Vulnerability Recommended Actions BIG-IP Configuration utility The Configuration utility is not vulnerable by default. To be vulnerable, the system administrator must modify the configuration to perform client-side certification authentication, such as when you perform the procedures in either of...

CVSS 7.5 | AI score 0.1 | EPSS 0.54488
Exploits 1 | References 5

Tenable Nessus
added 2014/10/10 12:0 a.m. | 195 views

F5 Networks BIG-IP : OpenSSL vulnerability (K15325)

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessio...

CVSS 7.4 | AI score 7.5 | EPSS 0.89694
Exploits 9 | References 2