CVE-2014-6032 – F5 Big-IP 11.3.0.39.0 XML External Entity Injection #1
https://notcve.org/view.php?id=CVE-2014-6032
Multiple XML External Entity (XXE) vulnerabilities in the Configuration utility in F5 BIG-IP LTM, ASM, GTM, and Link Controller 11.0 through 11.6.0 and 10.0.0 through 10.2.4, AAM 11.4.0 through 11.6.0, ARM 11.3.0 through 11.6.0, Analytics 11.0.0 through 11.6.0, APM and Edge Gateway 11.0.0 through 11.6.0 and 10.1.0 through 10.2.4, PEM 11.3.0 through 11.6.0, PSM 11.0.0 through 11.4.1 and 10.0.0 through 10.2.4, and WOM 11.0.0 through 11.3.0 and 10.0.0 through 10.2.4 and Enterprise Manager 3.0.0 through 3.1.1 and 2.1.0 through 2.3.0 allow remote authenticated users to read arbitrary files and cause a denial of service via a crafted request, as demonstrated using (1) viewList or (2) deal elements. Múltiples vulnerabilidades XXE en la utilidad Configuration en F5 BIG-IP LTM, ASM, GTM y Link Controller 11.0 hasta la versión 11.6.0 and 10.0.0 hasta la versión 10.2.4, AAM 11.4.0 hasta la versión 11.6.0, ARM 11.3.0 hasta la versión 11.6.0, Analytics 11.0.0 hasta la versión 11.6.0, APM y Edge Gateway 11.0.0 hasta la versión 11.6.0 and 10.1.0 hasta la versión 10.2.4, PEM 11.3.0 hasta la versión 11.6.0, PSM 11.0.0 hasta la versión 11.4.1 y 10.0.0 hasta la versión 10.2.4 y WOM 11.0.0 hasta la versión 11.3.0 y 10.0.0 hasta la versión 10.2.4 y Enterprise Manager 3.0.0 hasta la versión 3.1.1 y 2.1.0 hasta la versión 2.3.0 permiten a usuarios remotos autenticados leer archivos arbitrarios y causar una denegación de servicio a través de una petición manipulada, según lo demostrado usando elementos (1) viewlist o (2) deal. F5 Big-IP version 11.3.0.39.0 suffers from an XML external entity injection vulnerability. • http://packetstormsecurity.com/files/128915/F5-Big-IP-11.3.0.39.0-XML-External-Entity-Injection-1.html http://seclists.org/fulldisclosure/2014/Oct/128 http://seclists.org/fulldisclosure/2014/Oct/129 http://seclists.org/fulldisclosure/2014/Oct/130 http://www.securityfocus.com/bid/70834 http://www.securitytracker.com/id/1031144 http://www.securitytracker.com/id/1031145 https://exchange.xforce.ibmcloud.com/vulnerabilities/98402 https://exchange.xforce.ibmcloud.com/vulnerabilities/98403 https: •
CVE-2014-2927 – F5 Big-IP - rsync Access
https://notcve.org/view.php?id=CVE-2014-2927
The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, does not require authentication, which allows remote attackers to read or write to arbitrary files via a cmi request to the ConfigSync IP address. El demonio rsync en F5 BIG-IP 11.6 anterior a 11.6.0, 11.5.1 anterior a HF3, 11.5.0 anterior a HF4, 11.4.1 anterior a HF4, 11.4.0 anterior a HF7, 11.3.0 anterior a HF9, y 11.2.1 anterior a HF11 y Enterprise Manager 3.x anterior a 3.1.1 HF2, cuando se configura por error en modo de conmutador, no requiere autenticación, lo que permite a atacantes remotos escribir ficheros arbitrarios a través de peticiones cmi a la dirección IP del ConfigSync. • https://www.exploit-db.com/exploits/34465 http://www.exploit-db.com/exploits/34465 http://www.security-assessment.com/files/documents/advisory/F5_Unauthenticated_rsync_access_to_Remote_Root_Code_Execution.pdf https://support.f5.com/kb/en-us/solutions/public/15000/200/sol15236.html • CWE-287: Improper Authentication •
CVE-2014-4023 – F5 BIG-IP 11.5.1 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2014-4023
Cross-site scripting (XSS) vulnerability in tmui/dashboard/echo.jsp in the Configuration utility in F5 BIG-IP LTM, APM, ASM, GTM, and Link Controller 11.0.0 before 11.6.0 and 10.1.0 through 10.2.4, AAM 11.4.0 before 11.6.0, AFM and PEM 11.3.0 before 11.6.0, Analytics 11.0.0 through 11.5.1, Edge Gateway, WebAccelerator, and WOM 11.0.0 through 11.3.0 and 10.1.0 through 10.2.4, and PSM 11.0.0 through 11.4.1 and 10.1.0 through 10.2.4 and Enterprise Manager 3.0.0 through 3.1.1 and 2.1.0 through 2.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en tmui/dashboard/echo.jsp en la utilidad Configuration en F5 BIG-IP LTM, APM, ASM, GTM, y Link Controller 11.0.0 anterior a 11.6.0 y 10.1.0 hasta 10.2.4, AAM 11.4.0 anterior a 11.6.0, AFM y PEM 11.3.0 anterior a 11.6.0, Analytics 11.0.0 hasta 11.5.1, Edge Gateway, WebAccelerator, y WOM 11.0.0 hasta 11.3.0 y 10.1.0 hasta 10.2.4, y PSM 11.0.0 hasta 11.4.1 y 10.1.0 hasta 10.2.4 y Enterprise Manager 3.0.0 hasta 3.1.1 y 2.1.0 hasta 2.3.0 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios a través de vectores no especificados. F5 BIG-IP versions 11.5.1 and below suffer from a reflective cross site scripting vulnerability. • http://www.securitytracker.com/id/1030776 https://support.f5.com/kb/en-us/solutions/public/15000/500/sol15532.html https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140828-F5_BIG-IP_Reflected_XSS_v10.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-3959
https://notcve.org/view.php?id=CVE-2014-3959
Cross-site scripting (XSS) vulnerability in list.jsp in the Configuration utility in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM, and Link Controller 11.2.1 through 11.5.1, AAM 11.4.0 through 11.5.1 PEM 11.3.0 through 11.5.1, PSM 11.2.1 through 11.4.1, WebAccelerator and WOM 11.2.1 through 11.3.0, and Enterprise Manager 3.0.0 through 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Vulnerabilidad de XSS en list.jsp en la utilidad de configuración en F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM y Link Controller 11.2.1 hasta 11.5.1, AAM 11.4.0 hasta 11.5.1, PEM 11.3.0 hasta 11.5.1, PSM 11.2.1 hasta 11.4.1, WebAccelerator y WOM 11.2.1 hasta 11.3.0 y Enterprise Manager 3.0.0 hasta 3.1.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de parámetros no especificados. • http://secunia.com/advisories/58969 http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15296.html http://www.securityfocus.com/bid/67771 http://www.securitytracker.com/id/1030319 http://www.securitytracker.com/id/1030320 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-0101 – kernel: net: sctp: null pointer dereference when processing authenticated cookie_echo chunk
https://notcve.org/view.php?id=CVE-2014-0101
The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk. La función sctp_sf_do_5_1D_ce en net/sctp/sm_statefuns.c en el kernel de Linux hasta la versión 3.13.6 no valida ciertos campos auth_enable y auth_capable antes de hacer una llamada sctp_sf_authenticate, lo que permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída del sistema) a través de un SCTP handshake con un fragmento INIT modificado y un fragmento AUTH manipulado anterior a un fragmento COOKIE_ECHO. A flaw was found in the way the Linux kernel processed an authenticated COOKIE_ECHO chunk during the initialization of an SCTP connection. A remote attacker could use this flaw to crash the system by initiating a specially crafted SCTP handshake in order to trigger a NULL pointer dereference on the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ec0223ec48a90cb605244b45f7c62de856403729 http://rhn.redhat.com/errata/RHSA-2014-0328.html http://rhn.redhat.com/errata/RHSA-2014-0419.html http://rhn.redhat.com/errata/RHSA-2014-0432.html http://secunia.com/advisories/59216 http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15317.html http://www.openwall.com/lists/oss-security/2014/03/04/6 http://www.securityfocus.com/bid/65943 h • CWE-476: NULL Pointer Dereference •