Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:17183
HistoryJun 04, 2007 - 12:00 a.m.

S21Sec-035: F5 FirePass command execution vulnerability

2007-06-0400:00:00
vulners.com
10
JSON

##############################################################

                  - S21Sec Advisory -

##############################################################

 Title:   F5 FirePass command execution vulnerability
    ID:   S21SEC-035-en

Severity: High - Intrusion
History: 14.Feb.2007 Vulnerability discovered
22.Feb.2007 Vendor contacted
Scope: Linux's shell Command Execution
Platforms: Linux based Appliance
Author: Leonardo Nve ([email protected])
URL: http://www.s21sec.com/avisos/s21sec-035-en.txt
Release: Public

[ SUMMARY ]

F5's FirePass SSL VPN appliance provides secure access to corporate
applications and data using a standard web browser.
Delivering outstanding performance, scalability, ease-of-use, and end-
point security, FirePass helps increase the productivity
of those working from home or on the road while keeping corporate
data secure.

FirePass provides:

 * Automatic detection of security compliant systems, preventing

infection.
* Automatic integration with the largest number of virus
scanning and personal firewall solutions in the industry
(over 100 different AV & Personal Firewall versions).
* Automatic protection from infected file uploads or email
attachments.
* Automatic re-routing and quarantine of infected or non-
compliant systems to a self remediation network - reducing
help desk calls.
* A secure workspace, preventing eavesdropping and theft of
sensitive data.
* Secure Login with a randomized key entry system, preventing
keystroke logger snooping.
* Full integration with the FirePass Visual Policy Editor. This
enables the creation of custom
template policies based on the endpoints accessing your network
and your company's security profile.

[ AFFECTED VERSIONS ]

This vulnerability has been tested in F5 FirePass 4100.

[ DESCRIPTION ]

S21sec has discovered a vulnerability in a F5 FirePass SSL VPN
script that allows the injection of Linux's shell command under some
circunstances.
The attacker doesn`t need to be logged in the system in order to
trigger the exploit

The affected script is:

  • my.activation.php3

The variable is:

  • username

[ WORKAROUND ]

F5 has published a security advisory at https://tech.f5.com/home/
solutions/sol167.html
Additionally, hotfix HF-75705-76003-1 has been issued for supported
versions of FirePass.
You may download this hotfix or later versions of the hotfix from the
F5 Networks Downloads site (https://downloads.f5.com/esd/index.jsp).

[ ACKNOWLEDGMENTS ]

This vulnerability has been discovered and researched by:

With thanks to:

[ REFERENCES ]

JSON