For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

boneyard's avatar
boneyard
Icon for MVP rankMVP
Jun 16, 2014

CVE-2012-6638 mitigation in another way?

it seems the only way to mitigate CVE-2012-6638* is to upgrade to 11.5.x, something which is not always possible, certainly in short time.

 

has anyone implemented any other methods or contacted F5 about fixes in lower versions?

 

*) http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15304.html

 

application delivery
cve-2012-6638
design
LTM
management
security

3 Replies

  • Kevin_Davies_40's avatar
    Kevin_Davies_40
    Icon for Nacreous rankNacreous
    Jun 16, 2014

    There was a comment on the web that Red Hat 5 and 6 are not affected. AFAIK the base OS for BIGIP image is RHEL 5 but only internal F5 people would be able to tell you for sure.

     

  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Jun 16, 2014

    It's actually CentOS now.

     

    No idea around mitigations I'm afraid but remember this only relates to your management interface which I'd hope is on a secure network anyway right?

     

  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    Jun 16, 2014

    thank you what lies beneath, i must have read over that part, makes things a lot less serious.