SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Router/Bridge/Hub)  >   F5 BIG-IP Vendors:   F5 Networks
F5 BIG-IP ConfigSync Access Control Flaw Lets Remote Users Read and Write Arbitrary Files
SecurityTracker Alert ID:  1030778
SecurityTracker URL:  http://securitytracker.com/id/1030778
CVE Reference:   CVE-2014-2927   (Links to External Site)
Updated:  Aug 29 2014
Original Entry Date:  Aug 29 2014
Impact:   Disclosure of system information, Modification of system information, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 11.x prior to 11.2.1 HF11, 11.3.0 HF9, 11.4.0 HF7, 11.4.1 HF, 11.5.0 HF4, 11.5.1 HF3, 11.6.0
Description:   A vulnerability was reported in F5 BIG-IP. A remote user can read from or write to arbitrary files on the target system.

A remote user can connect to the rsync service on TCP port 873 to read from or write to arbitrary files on the target system.

The vendor has assigned ID 458676 to this vulnerability.

Thomas Hibbert of Security Assessment reported this vulnerability.

Impact:   A remote user can read from or write to arbitrary files on the target system with root privileges.
Solution:   The vendor has issued a fix (11.2.1 HF11, 11.3.0 HF9, 11.4.0 HF7, 11.4.1 HF, 11.5.0 HF4, 11.5.1 HF3, 11.6.0).

The vendor's advisory is available at:

http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15236.html?sr=39957865

Vendor URL:  support.f5.com/kb/en-us/solutions/public/15000/200/sol15236.html?sr=39957865 (Links to External Site)
Cause:   Access control error, Configuration error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC