15377 : F5 BIG-IP checktrap.pl Remote Command Execution
Printer | http://osvdb.org/15377 | Email This | Edit Vulnerability

Views This Week

Views All Time

115

Info

Last Modified

11 days ago

Percent Complete

100%

Disclosure

May 20, 2004

Discovery

May 12, 2004

Dates

Exploit

Unknown

Solution

Unknown

Description

The BIG-IP platform contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to checktrap.pl not properly sanitizing input from syslog before using it to construct a shell command. It is possible that the flaw may allow an attacker to gain control of the system resulting in a loss of integrity. This issue does not affect "default" installations.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Rumored / Private
Disclosure: OSVDB Verified

Solution

Upgrade to version 4.6.2 or 4.5.11 or higher, as these versions have been reported to fix this vulnerability. In addition, F5 Networks has released a patch for some older versions. Versions 4.5 through 4.5 PTF-05 and versions prior to 4.2 are vulnerable but no patch is available.

Products

F5 Networks, Inc.	BIG-IP	4.6.1
		4.5.10
		4.2 PTF-10

References

Vendor Specific Advisory URL: http://tech.f5.com/home/bigip/solutions/security/sol2232.html
http://tech.f5.com/home/bigip/solutions/security/sol3094.html
http://tech.f5.com/home/bigip/solutions/security/sol3160.html
http://tech.f5.com/home/bigip/solutions/security/sol3668.html
Vendor URL: http://www.f5.com

Credit

Gerard Eviston - evistonpobox.com -

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

F5 Networks, Inc.

BIG-IP

References

Credit

Blogs

Comments