Forum Discussion
F5 LTM hardening (11.6.0 HF 5.0.429)
Hi Experts
How to harden the below version to fix the issues after VAPT?
Product BIG-IP 2000 LTM
Version 11.6.0
Build 5.0.429
Edition Hotfix HF5
1) OpenSSH Commands Information Disclosure Vulnerability
2) Apache Partial HTTP Request Denial of Service Vulnerability - Zero Day
3) OpenSSH Plaintext Recovery Attack Against SSH Vulnerability
Will Hotfix HF6 cover all the above? Any help appreciated.
Thanks,
Sumanta.
7 Replies
Do you have CVE IDs for those? With these limited textual descriptions it is hard to determine what exactly the issue might be.
- ekaleido
Cirrus
Also, start here...
https://github.com/dnkolegov/bigipsecurity
- Chris_Grant
Employee
Go to www.askf5.com. Search for each CVE. If you don't find a solution article detailing whether we are vulnerable, please open a case with support and we will generate one. Note that this takes quite some time as it involves a code review of every product. If you don't have CVEs, you will find that support (or devcentral) is of limited assistance.
Hi All
The below are the CVEs; they are already addressed by askf5.com
CVE-2012-0814
CVE-2007-6750
CVE-2008-5161
- Chris_Grant
Employee
You cannot harden the BIG-IP against CVE-2012-0814 because it is not vulnerable to this CVE as per SOL14446.
The management interface is vulnerable to slow loris as per SOL12636 on all versions and it can be prevented by following best practice and not allowing public access to your management interface. You can read more about the slow loris attack and protecting virtual servers by reading SOL10260.
The correct resolution for CVE-2008-5161 is to upgrade to v11, which is not vulnerable as per SOL14609.
As you have read these articles I am guessing there is something further you feel you need. What exactly do you feel these articles are missing?
Hi Chris
Thanks for your update. I have existing version as below. Will latest HF suffice or should I plan for 11.6.1 or 12.x?
Version 11.6.0, Build 5.0.429, Edition Hotfix HF5
Regards,
Sumanta.
- Chris_Grant
Employee
You should ideally always be on the latest hotfix. Having said that, 11.6.0 HF5 is only vulnerable to the slow loris attack on the management plane. It is not vulnerable to either of the other two CVEs. Make sure that your management interface is not accessible from outside your organization, and ideally not accessible outside a dedicated management network. Upgrading to the latest hotfix (or even the latest code revision) will not change this.
11.6.0 HF5 is not vulnerable to CVE-2012-0814 or CVE-2008-5161.
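An added example, not posted by anyone in this thread: one way to check that the management plane's httpd and sshd allow lists stay inside a dedicated management network, as the replies above recommend. The function name `audit_mgmt_allow`, the sample text, and the assumed shape of the `tmsh list /sys httpd allow` and `tmsh list /sys sshd allow` output are illustrative assumptions.

```python
import ipaddress
import re

# Constructed sample: the output shape of `tmsh list /sys httpd allow` and
# `tmsh list /sys sshd allow` is assumed here, not copied from the thread.
SAMPLE = """\
sys httpd {
    allow { All }
}
sys sshd {
    allow { 10.20.0.0/24 203.0.113.0/24 }
}
"""

# Captures the service name and the body of its allow list.
BLOCK = re.compile(r"sys\s+(httpd|sshd)\s*\{\s*allow\s*\{([^}]*)\}", re.S)


def audit_mgmt_allow(config_text, mgmt_nets):
    """Return {service: [findings]} for allow entries outside mgmt_nets."""
    trusted = [ipaddress.ip_network(n) for n in mgmt_nets]
    findings = {}
    for service, body in BLOCK.findall(config_text):
        issues = []
        for entry in body.split():
            if entry.lower() == "all":
                issues.append("allows any source")
                continue
            try:
                net = ipaddress.ip_network(entry, strict=False)
            except ValueError:
                # Hostnames or partial prefixes need a manual look.
                issues.append(f"unparsed entry {entry!r}, review by hand")
                continue
            inside = any(net.version == t.version and net.subnet_of(t)
                         for t in trusted)
            if not inside:
                issues.append(f"{net} is outside the management network")
        findings[service] = issues
    return findings


if __name__ == "__main__":
    for svc, issues in audit_mgmt_allow(SAMPLE, ["10.20.0.0/24"]).items():
        print(svc, "OK" if not issues else issues)
```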