SOL4207 - Buffer overflow in mod_include - CAN-2004-0940

The version of modinclude used in BIG-IP and 3-DNS versions prior to 4.5.12 and 4.6.3 is vulnerable, but it is not enabled by default and is not enabled by using any BIG-IP or 3-DNS features. To enable modinclude, you must modify the httpd.conf file and then install HTML pages that use modinclude...

SOL6734 - Local OpenSSL vulnerabilities VU#547300 and VU#386964, CAN-2006-3738, CAN-2006-2940, CAN-2006-2937, CAN-2006-4343

This security advisory describes the following local OpenSSL vulnerabilities: Denial of Service Attacks CVE-2006-2937, CVE-2006-2940 SSLgetsharedciphers buffer overflow CVE-2006-3738 SSLv2 Client Crash CVE-2006-4343 Information about this advisory is available at the following location: Note: Thi...

SOL5716 - Authentication bypass in PAM LDAP module - CAN-2005-2641

Vulnerability description: Vulnerability in pamldap before 180 does not properly handle a new password policy control, which could allow attackers to gain privileges. Information about this advisory is available at the following locations: US-CERT Vulnerability Note VU778916 pamldap authenticatio...

SOL2339 - Remote Buffer Overflow in Sendmail - CA-2003-07

If you have configured sendmail as a daemon that is, it is listening on port 25 and relays mail, you can use the /etc/hosts.allow file to restrict access to the daemon from trusted hosts...

SOL4119 - Buffer overflow in mod_ssl - CVE-2002-0082

Information about this advisory is available at the following location: Note: This link takes you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge...

SOL5868 - Buffer overflow vulnerability in cURL - CVE-2005-4077

Because an attacker would require root access to exploit this vulnerability, it is considered to be a minor risk. You can find information about this advisory at the following location: Note: This link takes you to a resource outside of AskF5, and it is possible that the information may be remove...

SOL3568 - DNS denial of service vulnerability - CAN-2004-0789

Vulnerability description and product information: Multiple implementations of the DNS protocol, including 1 Poslib 1.0.2-1 and earlier as used by Posadis, 2 Axis Network products before firmware 3.13, and 3 Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to caus...

SOL6579 - Cross-Site Scripting Vulnerability - ProCheckUp Security Bulletin PR06-04

ProCheckUp has informed F5 Networks of a potential Cross Site Scripting XSS vulnerability in some versions of the FirePass controller. The vulnerability exists in the login sequence of the Firepass controller. The affected FirePass pages fail to fully sanitize URL input before the web page conten...

SOL2617 - Reverse name resolution vulnerability in SSH - CVE-2003-0386

OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address...

SOL5873 - PAM conversation stack corruption in OpenSSH - CVE-2003-0787

Information about this advisory is available at the following location: Note: This link takes you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge...

SOL1518 - Multiple SSH1 vulnerabilities - CA-2001-35

CERT Advisory CA-2001-35 revisits several existing exploits for the SSH1 and SSH2 protocols handled by the sshd process. For more information about the vulnerability, refer to the CERT website at the following location: . Workaround If you have BIG-IP or 3-DNS 4.5, you can work around these issue...

SOL6623 - OpenSSL signature vulnerability - CVE-2006-4339

This security advisory describes an OpenSSL signature vulnerability. Forged RSA signatures may be accepted during client certificate validations when the certificates are signed by certain Certificate Authority CA. This flaw could potentially cause F5 products to accept maliciously crafted client...

SOL3277 - mod_ssl and ssl_log vulnerability VU#303448

Information about this advisory is available at the following location: F5 Product Development tracked this issue and it was fixed in BIG-IP and 3-DNS version 4.5.11 and 4.6.2. For instructions about downloading software from F5, refer to SOL167: Downloading software from F5. A VU303448 patch has...

SOL3279 - Heap-based buffer overflow in mod_proxy - CAN-2004-0492

Heap-based buffer overflow in proxyutil.c for modproxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service process crash and possibly execute arbitrary code by way of a negative Content-Length HTTP header field, which causes a large amount of data to be copied...

SOL1882 - Buffer Overflows in DNS Resolver Libraries vulnerability CAN-2002-19

CERT has released an advisory regarding a buffer overflow in the way that stub resolvers handle DNS responses. Malicious users could use this exploit to cause a denial-of-service DoS attack or possibly run arbitrary code on the system. For more information about this advisory, refer to the...

SOL2232 - checktrap.pl script may be vulnerable to remote command execution

The checktrap.pl script may be vulnerable to remote command execution. F5 Networks Product Development tracked this issue as CR35371 and CR35372, and it was fixed in BIG-IP and 3-DNS version 4.5.12 for the 4.5 software branches and in version 4.6.3 for the 4.6 software branches. Obtaining and...

SOL5857 - Client certificate check vulnerability in Apache - CVE-2005-2700

In the default configuration, BIG-IP and 3-DNS do not require client certificates to connect to the Configuration utility. This vulnerability cannot be exploited without making unsupported changes to the BIG-IP or 3-DNS web server configuration. This problem was tracked as CR53583 and CR53585 and...

SOL5835 - Security Advisory: Possible kernel memory vulnerability in the sendfile() system call - CVE-2005-0708

Vulnerability description The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 can transfer portions of kernel memory if a file is truncated while it is being sent, which could allow remote attackers to obtain sensitive information. Information about this advisory is available a...

SOL7397 - Download of local FirePass files using the URL in Webtop or the Admin UI

A vulnerability exists that allows an authenticated FirePass user to download files from the filesystem of a FirePass controller. In order to download a file, the user must first log in to the FirePass controller webtop or the Admin UI, and type a specially crafted URL into their web browser. Thi...

SOL1907 - mod_ssl and Apache_SSL buffer overflow - CAN-2002-0082

Information about this vulnerability can be found at the following location:...

SOL2319 - Insufficient MAC computation in OpenSSH - CAN-2003-0078

Obtaining and installing patches F5 has released a patch for BIG-IP and 3-DNS versions 4.2 and 4.5. To download the patch, perform the following procedure 1. Open the F5 Downloads page in a browser. 2. Navigate to the BIG-IP BIG-IP v4.x 4.5.x section. 3. Click CAN-2003-0078 and download the...

SOL5278 - Apache mod_ssl SSLVerifyClient bypass - CAN-2005-2700

Apache modssl SSLVerifyClient bypass vulnerability CAN-2005-2700. Information about this advisory is available at the following location:...

SOL4009 - Vulnerabilities in libpng - CAN-2004-0597, CAN-2004-0598, CAN-2004-0599

These vulnerabilities are described as methods under which an attacker could generate a PNG file that would cause applications that use libpng to execute arbitrary code. Since an attacker would require root access to the BIG-IP or 3-DNS in order to exploit this vulnerability, it is considered to ...

SOL5534 - Apache mod_proxy message format vulnerability - CAN-2004-0700

Vulnerability description Format string vulnerability in the modproxy hook functions function in sslenginelog.c in modssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled...

SOL6669 - Apache HTTP Expect header handling

The vulnerability exists in the Apache web server, which is used by FirePass. Apache will not sanitize the contents of the HTTP Expect header when receiving an HTTP request. Instead, the contents of the Expect header will be returned in a successful HTTP response. This permits executable code suc...

SOL5533 - Potential protocol version rollback vulnerability in OpenSSL - CVE-2005-2969

It is possible that customers using non-default SSL options could be exposed to this vulnerability in the BIG-IP LTM Configuration utility, SSL terminating virtual servers, and bundled utilities. F5 tracked this problem as CR55070, CR55145, CR55203, CR55204, CR55283, CR55426, CR55588, and CR63465...

SOL6919 - Cross-site scripting vulnerability in my.activation.php3 CVE-2007-3097

A cross-site scripting XSS vulnerability exists in the FirePass my.activation.php3 logon page.The affected FirePass logon URL fails to fully sanitize certain URL arguments before the requested web page content is returned to the browser. It is possible for an attacker to create web pages, emails ...

SOL1877 - OpenSSH Remote Challenge Vulnerability - CAN-2001-1279

Information about this advisory can be found at the following location:...

SOL1933 - Multiple Vulnerabilities in OpenSSL - CAN-2002-23

Information about this advisory can be found at the following location:...

SOL6804 - ClamAV Portable Executable heap overflow Vulnerability - CVE-2006-4182

The FirePass controller provides anti-virus scanning of files uploaded through Portal Access from the ClamAV open source software . Scanning is enabled by selecting the Enable Standalone Virus Scanner option button on the Antivirus tab of the Portal Access: Content Inspection page. A vulnerabilit...

SOL4447 - cURL buffer overflow vulnerability - CAN-2005-0490

Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by 1 the Curlinputntlm functio...

SOL4369 - Configuration utility login vulnerability - CR45786

BIG-IP 9.0.2 through 9.0.4 cache login credentials for the Configuration utility. Once a user is logged in, the cache does not check the password entered for additional sessions under that user name. As a result, it is possible to gain access to the BIG-IP Configuration utility without a password...

SOL3144 - Apache mod_alias buffer overflow vulnerability - CAN-2003-0542

Multiple stack-based buffer overflows in 1 modalias and 2 modrewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service crash or execute arbitrary code via a regular expression with more than 9 captures. Although the Configuration utility for F5...

SOL2379 - Klima-Pokorny-Rosa attack on RSA vulnerability CAN-2003-0131

F5 Product Development tracked this issue and it was fixed in BIG-IP and 3-DNS versions 4.5.11 and 4.6.2...

SOL4232 - BIND version 8.4.4 and 8.4.5 vulnerability - CAN-2005-0033

A buffer overflow in the code for recursion and glue fetching in BIND 8.4.4 and 8.4.5 allows remote attackers to cause a denial of service. Information about this advisory is available at the following location: Note: This link takes you to a resource outside of AskF5, and it is possible that the...

SOL1989 - Apache/mod_ssl Worm vulnerability CA-2002-27

CERT Advisory CA-2002-27 reports a vulnerability that affects many operating systems. For more information about the vulnerability, refer to the following CERT website:...

SOL5004 - Security Advisory: zlib buffer overflow - CAN-2005-2096

Vulnerability description zlib 1.2 and later versions allows remote attackers to cause a denial of service crash via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file. Information...

SOL6999 - Web browser domain-based security and discussion of "double eval()" and FP_DO_NOT_TOUCH tags - VU#261869

This potential vulnerability is discussed in the Web browser domain-based security section of this advisory. Additionally, the January 2007 security advisory 1 discusses a potential FirePass cross-site scripting vulnerability related to the double eval Javascript and FPDONOTTOUCH tags. This...

SOL2591 - Linux kernel vulnerabilities - CAN-2003-0244, CAN-2003-0246

Note: Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about F5 Networks' security policy regarding evaluating older and unsupported versions of F5 Networks products, refer to SOL4602: Overview of F5 Networks securi...

SOL1956 - Integer Overflow In XDR Library - CA-2002-25

Information about this advisory can be found at the following location:...

SOL2355 - Timing attacks on RSA private keys - CAN-2003-0147

Information about this advisory can be found at the following location: Note: This link takes you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge...

SOL6339 - Sendmail race condition - VU#834865

F5 Networks Product Development tracked this issue and it was fixed in BIG-IP and 3-DNS version 4.5.11 for the 4.5 software branch and in version 4.6.2 for the 4.6 software branch. F5 Networks Product Development tracked this issue and it was fixed in WebAccelerator version 5.2 for the 5.x softwa...

SOL5165 - rsync directory traversal vulnerability - CAN-2004-0792

Directory traversal vulnerability in the sanitizepath function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files. Information about this advisory is available at the following location:...

SOL4743 - Inadequate validation for TCP segments CVE-2005-0356

Multiple TCP implementations with Protection Against Wrapped Sequence Numbers PAWS with the timestamps option enabled allow remote attackers to cause a denial of service connection loss via a spoofed packet with a large timer value, which causes the host to discard later packets because they appe...

SOL3126 - Large TCP window sizes may make it easier to predict sequence numbers vulnerability CVE-2004-0230

This vulnerability is found in the principle design of TCP/IP itself and cannot be completely corrected without changing to an alternate protocol. The central issue in this vulnerability is that for long-lived connections, as measured in hours or days, an outside attacker could send a flurry of R...

SOL2104 - Buffer read overflow in DNS resolver libraries - CAN-2002-1146

Information about this vulnerability can be found at the following location: Note: This link takes you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge...

SOL3015 - FIPS hardware vulnerability - nCipher Advisory #9 - CAN-2004-0320

Information about this advisory is available at the following location:...

SOL1952 - Trojan Horse OpenSSH Distribution - CA-2002-24

Information about this advisory can be found at the following location:...

SOL5576 - Authentication vulnerability in Apache mod_digest - CAN-2003-0987

Vulnerability description moddigest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret. Information about this advisory is available at the following location:...

SOL6878 - Apache Rewrite module (mod_rewrite) vulnerabilities CVE-2006-3747

This security advisory describes an off-by-one error, which means the bits are shifted to the left or the right by one value, in the LDAP scheme handling of the Apache Rewrite module. The vulnerability within the Apache Rewrite module allows remote attackers to cause a Denial of Service attack or...