vulnerability
10 Topics

LTM :: SMTPS Command Injection
It seems the SMTPS profile on the LTM allows command injection. It is detected as:

SMTP Service STARTTLS Plaintext Command Injection (52611) :: The remote SMTP service contains a software flaw in its STARTTLS implementation that could allow a remote unauthenticated attacker to inject commands during the plaintext protocol phase that will be executed during the ciphertext protocol phase. Successful exploitation could allow an attacker to steal a victim's email or associated SASL (Simple Authentication and Security Layer) credentials.

To test, we modified the standard Python smtplib library to send a malicious version of the command by appending the HELP command after STARTTLS. Packet capture shows execution of the command:

What have folks done to get around this outside of writing an iRule? This is what I came up with... which SEEMS to work... but I'm by no means an expert.

    when CLIENT_DATA {
        # If the collected payload begins with STARTTLS, replace the whole payload
        # with a bare STARTTLS so nothing appended after it reaches the server
        if { [string tolower [TCP::payload 10]] starts_with "starttls" } {
            TCP::payload replace 0 [TCP::payload length] "STARTTLS\r\n"
        }
        TCP::release
        TCP::collect
    }
    when SERVER_CONNECTED {
        TCP::collect
    }
    when SERVER_DATA {
        TCP::release
        # Start collecting client data once the server has sent data
        clientside { TCP::collect }
    }

351 Views, 0 likes, 0 Comments

Vulnerability scanner scan Virtual server found UDP 161 but there is no vip udp port 161?
Hi,

As per the title, I used a vulnerability scanner to scan the virtual server IP to find any open ports (I have VIP ports 443, 22, 80). The result is that the scanner found UDP port 161 open, but there is no VIP on UDP port 161 in the configuration. Why is UDP port 161 found? Is it by default that every virtual server opens/receives on UDP port 161 too?

Thank you

970 Views, 0 likes, 2 Comments

Vulnerabilities on Configuration utility login page.
Hi everyone,

I've performed pen-testing and found vulnerabilities on the Configuration utility login page like this.

1.) Detect that F5 BIG-IP web management interface is running on this port. (Not sure if it's due to the header F5-Login-Page: true, or not.)
2.) HTTP packet inspection. It shows the HTTP protocol version used, and whether HTTP Keep-Alive and HTTP pipelining are enabled, from the Configuration utility login page.

Can we mitigate these two issues?

P.S. About (1), I think it's due to the header F5-Login-Page but I don't know how to remove this header. About (2), not sure how to fix this. Might have to perform packet filtering by IP on httpd services.

Thank you

297 Views, 0 likes, 1 Comment

Can F5 help with the vulnerability in WAZE social-traffic app?
Method: Man-in-the-middle HTTPS Proxy.

Ability: Create ghost cars to receive real drivers' location broadcasts when driving. Create a fake traffic jam.

Researchers pointed out that WAZE servers did not detect an anomaly when, in a short period of time, many "cars" were created.

Details of vulnerability: http://fusion.net/story/293157/waze-hack/

Welcome any of your thoughts and insights. It seems like web security is more obvious and easier to protect than application security/server-to-server communications.

201 Views, 0 likes, 1 Comment

F5 update check issue
We have "Update check" enabled on F5 and it's on a weekly schedule, but the same page is showing the following. Why is it saying the last update was in 2014?

Last Checked Version: 11.6.0.0.0.401
Latest Update Check: Fri Dec 26 04:02:09 EST 2014 (Automatic)
Available Update: Software is up-to-date.
Available Hotfix: Hotfix-BIGIP-11.6.0.2.0.405-HF2 iso installation file

Geo Location Software Version
Last Checked Version: 1.0.1-20140703.99.0
Latest Update Check: Fri Dec 26 04:02:09 EST 2014 (Automatic)
Available Update: ip-geolocation-1.0.1-20141204.119.0

End User Diagnostics (EUD) Software Version
Last Checked Version: 2.6.0.8.0
Latest Update Check: Fri Dec 26 04:02:09 EST 2014 (Automatic)
Available Update: EUD_T-2.6.0.9.0.iso

239 Views, 0 likes, 1 Comment

iRule to mitigate TLS/SSL FREAK?
In before the crowd: Please respond if you have an iRule to mitigate the FREAK attack on TLS/SSL via RSA-EXPORT. (CVE-2015-0204 on OpenSSL, see also https://www.smacktls.com/freak and http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-factoring-nsa.html )

Also, any word on whether the admin web server in TMOS is affected?

Solved, 994 Views, 0 likes, 11 Comments

images and hot fixes
Dears,

I'm doing a security assessment for the F5 device, and I found 2 vulnerabilities on my image, which is 10.2.4 hf2. As per F5 documents, one of them can be solved by hf3 and the second can be solved by hf4. So if I installed hf3 and then installed hf4 over it, will this fix the two vulnerabilities?

289 Views, 0 likes, 3 Comments

OpenSSL vulnerability and Apache Commons FileUpload vulnerability CVE-2014-0050
Hi,

I'm on BIG-IP version 11.5.1 HF2, and my BIG-IP iHealth station is featuring some vulnerabilities that I am not getting corrected.

1 - Configuration utility / Apache Commons FileUpload vulnerability CVE-2014-0050. How do I make the Configuration utility safe? This article did not help me much: SOL15189
2 - COMPAT SSL ciphers / OpenSSL vulnerability CVE-2013-6449. This article also did not help me much to fix these vulnerabilities: sol15147

Does anyone know how to fix these?

265 Views, 0 likes, 3 Comments