SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Embedded Server/Appliance)  >   F5 Enterprise Manager Vendors:   F5 Networks
F5 Enterprise Manager ConfigSync Access Control Flaw Lets Remote Users Read and Write Arbitrary Files
SecurityTracker Alert ID:  1030777
SecurityTracker URL:  http://securitytracker.com/id/1030777
CVE Reference:   CVE-2014-2927   (Links to External Site)
Updated:  Aug 29 2014
Original Entry Date:  Aug 29 2014
Impact:   Disclosure of system information, Modification of system information, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 3.0.0 - 3.1.1
Description:   A vulnerability was reported in F5 Enterprise Manager. A remote user can read from or write to arbitrary files on the target system.

A remote user can connect to the rsync service on TCP port 873 to read from or write to arbitrary files on the target system.

The vendor has assigned ID 458827 to this vulnerability.

Thomas Hibbert of Security Assessment reported this vulnerability.

Impact:   A remote user can read from or write to arbitrary files on the target system with root privileges.
Solution:   The vendor has issued a fix (3.1.1 HF2).

The vendor's advisory is available at:

http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15236.html?sr=39957865

Vendor URL:  support.f5.com/kb/en-us/solutions/public/15000/200/sol15236.html?sr=39957865 (Links to External Site)
Cause:   Access control error, Configuration error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC