SOL8939 - SNMPv3 HMAC verification vulnerability CVE-2008-0960 - VU#878044

Information about this advisory is available at the following locations: F5 Product Development tracked this issue as CR99838 for BIG-IP LTM, GTM, ASM, PSM, Link Controller, and WebAccelerator and it was fixed in BIG-IP 9.4.6 and 10.0.0. For information about upgrading, refer to the BIG-IP LTM,...

SOL8938 - BIND DNS cache poisoning vulnerability - CVE-2008-1447 - VU#800113

This security advisory describes a BIND 8 and BIND 9 vulnerability which allows remote attackers to spoof DNS traffic using cache poisoning techniques against recursive resolvers. With the exception of FirePass, the F5 products listed as affected in this security advisory run a version of BIND th...

SOL8918 - Linux kernel vulnerability CVE-2007-3851

A flaw in the DRM driver for Intel graphics cards allows a local user to access any part of the main memory. To access the DRM functionality a user must have access to the X server, which is granted through the graphical login. This also only affects systems with an Intel 965 or later graphic...

SOL8924 - Linux kernel vulnerability CVE-2007-3843

A flaw in the CIFS handling of the mount option sec= that did not enable integrity checking and did not produce any error message. Information about this advisory is available at the following location:...

SOL8917 - Linux kernel vulnerability CVE-2007-1217

A flaw in the ISDN CAPI subsystem allows a remote user to cause a denial of service or potential remote access. Exploitation would require the attacker to be able to send arbitrary frames over the ISDN network to the vulnerable system. Information about this advisory is available at the following...

SOL8919 - Linux kernel vulnerability CVE-2007-2878

A flaw in the VFAT compat ioctls on a 64-bit system allows a local user to cause a denial of service. Information about this advisory is available at the following location:...

SOL8922 - Linux kernel vulnerability CVE-2007-3739

A flaw in the stack expansion when using the hugetlb kernel on a PowerPC system allows a local user to cause a denial of service. Information about this advisory is available at the following location: Note: This link takes you to a resource outside of AskF5, and it is possible that the informati...

SOL8923 - Linux kernel vulnerability CVE-2007-2875

A flaw in the cpuset support allows a local user to obtain sensitive information from kernel memory. Information about this advisory is available at the following location:...

SOL8921 - Linux kernel vulnerability CVE-2007-3740

A flaw in the CIFS filesystem could cause the umask values of a process to not be honored. Information about this advisory is available at the following location:...

SOL8920 - Linux kernel vulnerability CVE-2007-2876

A flaw in the connection tracking support for SCTP allows a remote user to cause a denial of service by dereferencing a NULL pointer. Information about this advisory is available at the following location: Note: This link takes you to a resource outside of AskF5, and it is possible that the...

SOL8874 - OpenSSL packages contain a predictable random number generator - VU#925211

A vulnerability in the OpenSSL package included with the Debian GNU/Linux operating system and its derivatives may cause weak cryptographic keys to be generated. Information about this advisory is available at the following location:...

SOL8869 - OpenSSL TLS handshake Denial of Service VU#520586

Description A vulnerability exists in OpenSSL that may allow a remote attacker to cause a denial of service. Information about this advisory is available at the following location:...

SOL8837 - OpenSSL DTLS off-by-one error - CVE-2007-4995

Description CVE-2007-4995 - Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors. Information about this advisory is available at the following location:...

SOL8870 - OpenSSL Server Name extension Denial of Service VU#661475

Description A vulnerability exists in OpenSSL that may allow a remote attacker to cause a denial of service. Information about this advisory is available at the following location:...

SOL8863 - Cross-Site Scripting (XSS) vulnerabilities in the FirePass Administrative Console

Multiple cross-site scripting XSS vulnerabilities exist in the FirePass Administrative Console pages. The affected Administrative Console pages fail to fully sanitize certain URL arguments before the requested web page content is returned to the browser. These vulnerabilities are only available t...

SOL8700 - Remote web service buffer overflow vulnerability

F5 has determined that a buffer overflow vulnerability exists in FirePass web services that provide User access, which could allow a remote attacker to gain privileged access to the FirePass controller. Web services providing User access can be identified by the U in the Services column on the...

SOL8578 - Security Advisory: BIND buffer overflow in inet_network CVE-2008-0122

An off-by-one error in the inetnetwork function in libbind could lead to memory corruption with certain inputs. libbind has a vulnerability in the inetnetwork API. However, this API is not used by any F5 products that use the affected version of BIND. Information about this advisory is available ...

SOL8602 - Cross-site scripting (XSS) vulnerability viewing logs from the web management interface

To prevent exposure to this vulnerability do not select any unknown or suspicious content when viewing log files using the BIG-IP or Enterprise Manager web management interface. To view log files from the command line, access the device using an SSH client. Note: Because exploitation of this...

SOL8599 - Cross-site scripting vulnerability viewing logs from the Console section of the web management interface

A cross-site scripting XSS vulnerability in the Console feature of the BIG-IP and Enterprise Manager web management interface may allow for script excecution when viewing a log file that contains malicious content. Exploitation of this vulnerability would require an attacker to generate a log ent...

SOL8508 - Cross-site scripting vulnerability in installControl.php3 page

A cross-site scripting XSS vulnerability exists in the FirePass installControl.php3 page, which is accessible prior to authentication. The installControl.php3 page fails to fully sanitize URL input before the web page content is sent to the browser. It is possible for an attacker to create web...

SOL8425 - Linux Kernel Vulnerability - CVE-2008-0600

CVE-2008-0600 - Linux Kernel Multiple Memory Access Vulnerabilities. The vmsplicetopipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges through crafted arguments in a vmsplice syste...

SOL8424 - Java Runtime Environment Vulnerability - CVE-2008-0657

Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges through an untrusted application or applet, as demonstrated by an application or applet that grants...

SOL8420 - ClamAV buffer overflow vulnerabilities - CVE-2007-6335, CVE-2007-6336

The FirePass controller can be configured to provide antivirus scanning of files uploaded through Portal Access. The software used to scan uploaded files is ClamAV open source software, which is enabled by selecting the Enable Standalone Virus Scanner button on the Antivirus tab of the Portal...

SOL8406 - The BIG-IP ASM web management interface cross-site scripting vulnerability CVE-2008-0539

The F5 BIG-IP ASM web management interface contains a cross-site scripting vulnerability in the Security Report function. The vulnerability is within the BIG-IP ASM portion of the Configuration utility and can be accessed successfully only if the browser user is authenticated and the BIG-IP ASM...

SOL8331 - OpenSSL FIPS Object Module 1.1 vulnerability - CVE-2007-5502

The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness. Information...

SOL8280 - Cross-site scripting vulnerabilities in BIG-IP Configuration utility CVE-2008-0265

The vulnerability is only available to authenticated users. Theoretically, a malicious site could use another tab in an admin user's browser to hit a list URL and cause the admin user's Configuration utility to render malicious JavaScript in the admin user's browser. The results are not saved...

SOL8178 - MySQL vulnerabilities CVE-2007-5925, CVE-2007-5969, and CVE-2007-6303

Information about these advisories is available at the following locations: An authenticated user who can issue SQL commands could crash the database server. A malicious user with filesystem access could cause data loss on the filesystem. VIEW definition updates do not occur correctly, allowing a...

SOL8186 - Cross-site scripting vulnerability in Apache mod_imap CVE-2007-5000

F5 Product Development has determined the likelihood of exploitation is low for the cross-site scripting XSS vulnerability disclosed in CVE-2007-5000. Exploiting this vulnerability would require an administrator of an F5 device to interact with a web page crafted by an attacker. Possible attacks...

SOL8171 - Linux kernel IA32 System Call vulnerability - CVE-2007-4573

Vulnerability description This security advisory describes a vulnerability in the Linux kernel which may allow local users to gain elevated privileges using the IA32 system call emulation functionality on 64-bit platforms. Information about this advisory is available at the following location:...

SOL8174 - F5 VPN Client for Windows is remotely exploitable through a buffer overflow

A vulnerability exists in the F5 VPN Client for Windows, also called the Standalone Client. The Client can be exploited remotely by a buffer overflow attack on one of the Client's ActiveX control components. A successful attack can result in execution of malicious commands by the remote attacker...

SOL8108 - OpenSSL vulnerability CVE-2007-3108

F5 Product Development has determined that the BIG-IP and Enterprise Manager products use a vulnerable version of OpenSSL; however, the vulnerable code is not used in either TMM or in Apache on the BIG-IP system. The vulnerability is considered to be a local vulnerability and cannot be exploited...

SOL8106 - OpenSSL SSL_get_shared_ciphers vulnerability CVE-2007-5135

F5 Product Development has determined that the BIG-IP and Enterprise Manager products use a vulnerable version of OpenSSL; however, the vulnerable code is not used in either TMM or in Apache on the BIG-IP system. The vulnerability is considered to be a local vulnerability and cannot be exploited...

SOL8077 - BIND 8 vulnerability CVE-2007-2930

The NSIDSHUFFLEONLY and NSIDUSEPOOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches using unknown vectors...

SOL8072 - Obtaining uptime information from TCP timestamps

Timestamps are a TCP option used by a TCP/IP networking stack to implement two algorithms: the Round-Trip Time Measurement RTTM algorithm and the Protection Against Wrapped Sequence Numbers PAWS algorithm. Both algorithms are defined in RFC 1323, and are widely implemented by most modern operatin...

SOL8008 - Forcing a session ID into a user login

A vulnerability exists in the FirePass logon sequence. Under certain conditions, the Firepass controller accepts an existing session ID cookie sent by the browser, and returns the cookie with the same session ID after the user authenticates to the FirePass controller. A successful exploit would...

SOL6916 - Case change in URL host name circumvents Accessibility Scope

It is possible to bypass the Deny list configured in the Accessibility Scope section located on the Portal Access : Web Applications : Master Group Settings page using a URL whose hostname portion differs in case upper vs. lower from the URL pattern in the Deny list. After logging in to the...

SOL7983 - ClamAV NULL dereference vulnerability - CVE-2007-4510

The FirePass controller can be configured to provide anti-virus scanning of files uploaded through Portal Access through the ClamAV open source software. Scanning is configured on the Antivirus tab of the Portal Access Content Inspection page, through the Enable Standalone virus Scanner option...

SOL7985 - ClamAV clamav-milter vulnerability - CVE-2007-4560

The FirePass controller can be configured to provide anti-virus scanning of files uploaded through Portal Access through the ClamAV open source software. Scanning is configured on the Antivirus tab of the Portal Access: Content Inspection page, through the Enable Standalone virus Scanner option...

SOL7859 - Multiple PHP vulnerabilities

PHP has been cited with multiple vulnerabilities. For information about these vulnerabilities, refer to the National Vulnerabilities Database. Information about these advisories is available at the following locations: CVE-2007-1846 SQL injection vulnerability in index.php in the MyAds 2.04jp and...

SOL7923 - Cross-site scripting vulnerability in the logon page after enabling a pre-logon sequence - CVE-2007-6704

A cross-site scripting XSS vulnerability—CVE-2007-6704—exists in the FirePass logon page when a pre-logon sequence is enabled. The affected FirePass URL fails to fully sanitize URL input before the web page content is sent to the browser. It is possible for an attacker to create web pages,...

SOL7886 - Remote vulnerability in the mod_jk2 Apache module, VU #771937

A vulnerability exists in the legacy version of the modjk2 Apache module. If successfully exploited, an attacker may be able to run arbitrary code on affected system. Information about this advisory is available at the following location: F5 Product Development tracked this issue as CR83564 and i...

SOL7854 - Web Applications Content Processing Scripts vulnerability

F5 Product Development tracked this issue as CR81839 and it was fixed in FirePass 6.0.2. For information about upgrading, refer to the FirePass release notes. Additionally, cumulative hotfix HF-552-10 has been issued for FirePass 5.5.2, cumulative hotfix HF-600-15 has been issued for FirePass 6.0...

SOL7827 - tcpdump 3.9.6 vulnerability CVE-2007-3798

For information about this advisory, refer to the Common Vulnerabilities and Exposures website at the following location:...

SOL7593 - Command injection into F5 ActiveX control

A vulnerability exists in an F5 ActiveX control. The ActiveX control is downloaded to a Windows client system when you log in to a FirePass controller, which is configured for specific pre-logon sequence functionality. The ActiveX control could run executables that reside on the system if an...

SOL7544 - Full-width and half-width Unicode encoded data bypasses IDS/IPS security controls, VU #739224

Unicode is a system for encoding characters of a character set, which is used in networked applications. IDS/IPS or other security devices may fail to decode and recognize the characters that represent an attack if encoded in Unicode, and pass the characters to a target device. If the target devi...

SOL7521 - Stack-based buffer overflow vulnerability in web browser plug-in

In order for this exploit to be successful, the attacker must persuade you to view the malicious web page. If you view the malicious web page in a browser that has affected FirePass plug-in installed, this could result in malicious code execution on the client side, disclosure of sensitive...

SOL7529 - Stack-based buffer overflow vulnerability in ActiveX control

FirePass 5.5 is not affected, but the following hotfixes for version 5.5 are affected: HF-59313-57605-55025-61183-61531-61155-1 HF-59313-57605-55025-61183-61531-61155-55266-1 HF-59313-57605-55025-61183-61531-61155-55266-63623-1 HF-59313-57605-55025-61183-61531-61155-55266-63623-2 FirePass 5.5.1 i...

SOL7528 - Heap-based buffer overflow vulnerability in ActiveX control

A heap-based buffer overflow vulnerability exists in the FirePass ActiveX control. This ActiveX control is installed in Microsoft Internet Explorer when a user logs on to FirePass. In some configurations, this control may be installed at the FirePass logon page prior to authentication. It is...

SOL7498 - Cross-site scripting vulnerability in download_plugin.php3 page

A cross-site scripting XSS vulnerability exists in the FirePass downloadplugin.php3 page, which is accessible prior to authentication. For example: https://firepass.siterequest.com/downloadplugin.php3 The downloadplugin.php3 page fails to fully sanitize URL input before the web page content is se...

SOL6795 - ClamAV CHM Chunk Name Length DoS Vulnerability - CVE-2006-5295

The FirePass controller can be configured to provide anti-virus scanning of files uploaded through Portal Access using the ClamAV open source software. A vulnerability in ClamAV 0.88.4 and earlier versions could allow a remote attacker to crash the scanner process using a specially crafted...