===================================================================== CERT-Renater Note d'Information No. 2013/VULN269 _____________________________________________________________________ DATE : 27/06/2013 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): BIG-IP software products. ====================================================================== http://support.f5.com/kb/en-us/solutions/public/14000/400/sol14468.html ______________________________________________________________________ sol14468: Client-side component flaw - CVE-2013-0150 Security Advisory Security Advisory Original Publication Date: 06/26/2013 Description A flaw in a BIG-IP APM or FirePass client-side F5-signed component may allow a third party to install files on the client machine. Impact Affected components may allow third party code execution on the affected client. There is no impact to the BIG-IP or FirePass host. Status F5 Product Development has assigned ID 420104 to this vulnerability. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table: Product Versions known to Versions known to be Vulnerable component be vulnerable not vulnerable or feature BIG-IP LTM 10.1.0 - 10.2.4 9.0.0 - 9.6.1 Client-side components are present on 11.0.0 - 11.3.0 10.2.4-HF7 vulnerable host, but components only installed 11.1.0-HF8 on clients when APM is provisioned 10.0.0 11.2.0-HF7 11.2.1-HF7 11.3.0-HF6 11.4.0 BIG-IP AAM None 11.4.0 None BIG-IP AFM 11.3.0 11.3.0-HF6 Client-side components are present on vulnerable 11.4.0 host, but components only installed on clients when APM is provisioned BIG-IP 11.0.0 - 11.3.0 11.1.0-HF8 Client-side components are present on vulnerable Analytics 11.2.0-HF7 host, but components only installed on clients 11.2.1-HF7 when APM is provisioned 11.3.0-HF6 11.4.0 BIG-IP APM 10.1.0 - 10.2.4 11.1.0-HF8 Client-side components 11.0.0 - 11.3.0 11.2.0-HF7 11.2.1-HF7 11.3.0-HF6 11.4.0 BIG-IP ASM 10.1.0 - 10.2.4 9.2.0 - 9.4.8 Client-side components are present on vulnerable 10.2.4-HF7 host, but components only installed on clients 11.0.0 - 11.3.0 10.0.0 when APM is provisioned 11.1.0-HF8 11.2.0-HF7 11.2.1-HF7 11.3.0-HF6 11.4.0 BIG-IP Edge 10.1.0 - 10.2.4 10.2.4-HF7 Client-side components are present on vulnerable Gateway 11.0.0 - 11.3.0 11.1.0-HF8 host, but components only installed on clients 11.2.0-HF7 when APM is provisioned 11.2.1-HF7 11.3.0-HF6 11.4.0 BIG-IP GTM 10.1.0 - 10.2.4 9.2.2 - 9.4.8 Client-side components are present on vulnerable 11.0.0 - 11.3.0 10.2.4-HF7 host, but components only installed on clients 10.0.0 when APM is provisioned 11.1.0-HF8 11.2.0-HF7 11.2.1-HF7 11.3.0-HF6 11.4.0 BIG-IP IQ None 4.0.0 None BIG-IP Link 10.1.0 - 10.2.4 9.2.2 - 9.4.8 Client-side components are present on vulnerable Controller 11.0.0 - 11.3.0 10.0.0 host, but components only installed on clients 10.2.4-HF7 when APM is provisioned 11.1.0-HF8 11.2.0-HF7 11.2.1-HF7 11.3.0-HF6 11.4.0 BIG-IP PEM 11.3.0 11.3.0-HF6 Client-side components are present on vulnerable 11.4.0 host, but components only installed on clients when APM is provisioned BIG-IP PSM 10.1.0 - 10.2.4 9.4.5 - 9.4.8 Client-side components are present on vulnerable 11.0.0 - 11.3.0 10.0.0 host, but components only installed on clients 10.2.4-HF7 when APM is provisioned 11.1.0-HF8 11.2.0-HF7 11.2.1-HF7 11.3.0-HF6 11.4.0 BIG-IP 10.1.0 - 10.2.4 9.4.0 - 9.4.8 Client-side components are present on vulnerable WebAccelerator 11.0.0 - 11.3.0 10.0.0 host, but components only installed on clients 10.2.4-HF7 when APM is provisioned 11.1.0-HF8 11.2.0-HF7 11.2.1-HF7 11.3.0-HF6 BIG-IP WOM 10.1.0 - 10.2.4 10.0.0 Client-side components are present on vulnerable 11.0.0 - 11.3.0 10.2.4-HF7 host, but components only installed on clients 11.1.0-HF8 when APM is provisioned 11.2.0-HF7 11.2.1-HF7 11.3.0-HF6 ARX None 5.0.0 - 5.3.1 None 6.0.0 - 6.3.0 Enterprise None 1.6.0 - 1.8.0 None Manager 2.0.0 - 2.3.0 3.0.0 - 3.1.1 FirePass 6.0.0 - 6.1.0 6.1.0 HF-610-11 Client-side components 7.0.0 7.0.0 HF-70-9 Recommended action To eliminate this vulnerability, upgrade to a version that is listed in the Versions known to be not vulnerable column in the previous table. A fixed client component will automatically be downloaded the next time a client is authenticated to the APM or FirePass host. Acknowledgments F5 would like to acknowledge Neal Poole for bringing this issue to our attention, and for following the highest standards of responsible disclosure. Supplemental Information https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0150 Note: This link will take you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge. SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue hotfix policy SOL167: Downloading software and firmware from F5 SOL13123: Managing BIG-IP product hotfixes (11.x) SOL10025: Managing BIG-IP product hotfixes (10.x) SOL9502: BIG-IP hotfix matrix SOL10322: FirePass hotfix matrix SOL3430: Installing FirePass hotfixes ====================================================================== ========================================================= Serveur de référence du CERT-Renater https://services.renater.fr/ssi/ ========================================================== + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: cert@support.renater.fr + ==========================================================