CVE-2018-5529
https://notcve.org/view.php?id=CVE-2018-5529
The svpn component of the F5 BIG-IP APM client prior to version 7.1.7 for Linux and Mac OS X runs as a privileged process and can allow an unprivileged user to assume super-user privileges on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or disrupt service. El componente svpn del cliente F5 BIG-IP APM en versiones anteriores a la 7.1.7 para Linux y Mac OS X se ejecuta como proceso privilegiado y puede permitir que un usuario sin privilegios asuma privilegios de superusuario en el host del cliente local. Un usuario local malicioso no privilegiado podría obtener conocimientos de información sensible, manipular ciertos datos o interrumpir el servicio. • http://www.securityfocus.com/bid/104730 https://github.com/mirchr/security-research/blob/master/vulnerabilities/F5/CVE-2018-5529.txt https://support.f5.com/csp/article/K52171282 •
CVE-2018-13405 – Linux (Ubuntu) - Other Users coredumps Can Be Read via setgid Directory and killpriv Bypass
https://notcve.org/view.php?id=CVE-2018-13405
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID. La función inode_init_owner en fs/inode.c en el kernel de Linux hasta la versión 3.16 permite a los usuarios locales crear archivos con una propiedad de grupo no deseada, en un escenario donde un directorio es SGID a un cierto grupo y es escribible por un usuario que no es miembro de ese grupo. • https://www.exploit-db.com/exploits/45033 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7 http://openwall.com/lists/oss-security/2018/07/13/2 http://www.securityfocus.com/bid/106503 https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://access.redhat.com/errata/RHSA-2019:0717 https://access.redhat.com/errata/RHSA- • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •
CVE-2018-5527
https://notcve.org/view.php?id=CVE-2018-5527
On BIG-IP 13.1.0-13.1.0.7, a remote attacker using undisclosed methods against virtual servers configured with a Client SSL or Server SSL profile that has the SSL Forward Proxy feature enabled can force the Traffic Management Microkernel (tmm) to leak memory. As a result, system memory usage increases over time, which may eventually cause a decrease in performance or a system reboot due to memory exhaustion. En BIG-IP 13.1.0-13.1.0.7, un atacante remoto que emplea métodos no revelados contra servidores virtuales configurados con un perfil Client SSL o Server SSL con la característica SSL Forward Proxy habilitada puede forzar al TMM (Traffic Management Microkernel) a filtrar memoria. Como resultado, el uso de la memoria del sistema aumenta con el tiempo, lo que podría provocar un descenso del rendimiento o un reinicio del sistema debido al agotamiento de memoria. • http://www.securitytracker.com/id/1041196 https://support.f5.com/csp/article/K20134942 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2018-5528
https://notcve.org/view.php?id=CVE-2018-5528
Under certain conditions, TMM may restart and produce a core file while processing APM data on BIG-IP 13.0.1 or 13.1.0.4-13.1.0.7. Bajo ciertas condiciones, TMM podría reiniciarse y producir un archivo core al procesar datos APM en BIG-IP 13.0.1 o 13.1.0.4-13.1.0.7. • http://www.securitytracker.com/id/1041197 https://support.f5.com/csp/article/K27044729 • CWE-20: Improper Input Validation •
CVE-2018-5523
https://notcve.org/view.php?id=CVE-2018-5523
On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 and Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. En F5 BIG-IP, de la versión 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5 o 11.2.1 y Enterprise Manager 3.1.1, cuando los usuarios administrativos autenticados ejecutan comandos en el TMUI (Traffic Management User Interface), también llamado utilidad BIG-IP Configuration, podrían no aplicarse las restricciones sobre los comandos permitidos. • http://www.securitytracker.com/id/1041022 http://www.securitytracker.com/id/1041023 https://support.f5.com/csp/article/K50254952 •